HTTP Headers Analysis for https://ably.com

Detected Technologies from Headers

See all in URL Inspect 2

Cloudflare CDN

Heroku

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Origin,Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Origin,Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

cache-control: max-age=0, private, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

X-Runtime

Server

0.126704

server: cloudflare
x-runtime: 0.126704

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: ably_device_id=svtpQh6b7h6atxv6Zu9jUw8cjO7pPycHKS0cb%2FEaEoHhvl4HALbQH2OfraOT9Tb%2B8MPpqEw6Wn9VAD6Nq7SOClTekjy9lS8FLPPse02vI2x%2FFwbRiKxkNcLplXpZmPV7a3VrbRYPz%2Bvj4bJIk7HytsUFHBvzPpIE%2FgkSsGfJfRhyJheRQ3EZX%2BUhLHg%3D--WgFMufPPiubDMTY3--CUeCPoNXVwl9bP%2FEm0Jj2Q%3D%3D; path=/; expires=Wed, 28 Apr 2027 06:35:31 GMT; HttpOnly; SameSite=Lax; secure
_ably_session=nn4V8qOFEwyM8GYP2K98cahFWdK6bYxGYxIbkgFUW6OwhrShIdJKGtEYtTdx7%2FTDVaVMCTDttVd5FvOGSfVnaRcVcNfntISwd%2FTxuE7FaluOTgzY8y2ZJS7X4yHVlAtpROwKIMNq4Fh%2BnJPavrwCR7m4npjf9HiiS5SjtmMY6HbuA8LEL22e3D8pvDNTdHPQUUqGmKoufUU7%2Fspo%2FvjV83DZE%2F7qynL2Ewm24burLfvPIvxurQT3gnxYsTMkf2SvpTLPmsO4tSkT2A2fcTYpAgN2rOIBQYuJaorFztr7Mhq7F1CqAOE0FK2wPmwVNJBdeT8UK72b%2BzcgPyZ7xIf3FHI8uQQhmB8%3D--2LdLgr%2F5E4k274gg--6hwIGaJB56cid%2FXk3CE%2BtA%3D%3D; path=/; expires=Tue, 28 Apr 2026 08:35:31 GMT; secure; HttpOnly; SameSite=Lax

Other Headers

Cf-Cache-Status

Other

BYPASS

Cf-Ray

Other

9f340c1fed1ea504-IAD

Date

Other

Tue, 28 Apr 2026 06:35:31 GMT

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=B2X3x7Fab%2Bkk7YCHbEQka9n4e4I%2B6SzWCn98XppfY0w%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1777358131

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=B2X3x7Fab%2Bkk7YCHbEQka9n4e4I%2B6SzWCn98XppfY0w%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1777358131"

Via

Other

2.0 heroku-router

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

743becc2-a80e-512f-bfcf-42c8e2c12268

cf-cache-status: BYPASS
cf-ray: 9f340c1fed1ea504-IAD
date: Tue, 28 Apr 2026 06:35:31 GMT
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=B2X3x7Fab%2Bkk7YCHbEQka9n4e4I%2B6SzWCn98XppfY0w%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1777358131"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=B2X3x7Fab%2Bkk7YCHbEQka9n4e4I%2B6SzWCn98XppfY0w%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1777358131"
via: 2.0 heroku-router
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 743becc2-a80e-512f-bfcf-42c8e2c12268

Recommendations

Enable compression (gzip/brotli) to improve performance