15 Headers

HTTP Security Headers

Header | Status | Value
Strict-Transport-Security | Excellent | max-age=31536000; includeSubDomains; preload
Content-Security-Policy | Missing | Not configured
X-Frame-Options | Missing | Not configured
X-Content-Type-Options | Good | nosniff
Referrer-Policy | Missing | Not configured
Permissions-Policy | Missing | Not configured

Recommendations
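  • Add an enforcing Content-Security-Policy header to mitigate XSS attacks; the response currently sends only Content-Security-Policy-Report-Only, which reports violations but does not block them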
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Header | Category | Value
Connection | Performance | close
Transfer-Encoding | Performance | chunked

Caching Headers

3 headers
Header | Category | Value
Cache-Control | Caching | no-store, no-cache, must-revalidate
Expires | Caching | Thu, 01 Jan 1970 00:00:00 UTC
Pragma | Caching | no-cache

Content Headers

1 header
Header | Category | Value
Content-Type | Content | text/html;charset=UTF-8

Server Headers

1 header
Header | Category | Value
Server | Server | cloudflare

CORS Headers

0 headers
No CORS headers found

Cookie Headers

0 headers
No cookie headers found

Other Headers

6 headers
Header | Category | Value
Alt-Svc | Other | h3=":443"; ma=86400
Cf-Cache-Status | Other | DYNAMIC
Cf-Ray | Other | 9be28e570a4f05f6-IAD
Content-Security-Policy-Report-Only | Other
Date | Other | Thu, 15 Jan 2026 04:16:09 GMT
X-Robots-Tag | Other | noindex, nofollow, noarchive, nosnippet

Recommendations

Enable compression (gzip/brotli) to improve performance