HTTP Headers Analysis for https://admin.brandfolder.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Origin

connection: close
vary: Origin

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"5b6fc5bddad0bbadc082886399ee92e5"

cache-control: max-age=0, private, must-revalidate
etag: W/"5b6fc5bddad0bbadc082886399ee92e5"

Content Headers

Content-Length

Content

26009

Content-Type

Content

text/html; charset=utf-8

content-length: 26009
content-type: text/html; charset=utf-8

Server Headers

X-Runtime

Server

0.067663

x-runtime: 0.067663

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _brandfolder.session_id=THR1MEJZa0puWU9GZ3dRL3FRK2lOVXEyaGxhb1g3NnY0YkRiOWxLQzBSQ1lpUWp0dVlDWWU2a3lSUC8wUXEzWnBqaldad1hYeFY1MmVjN2g4YUN2elBORndPSWk1YlpQZzFXUzhKSE4wNys3aS9HbnBaOEl3eHhMRTZKYzRKQSt0bU9TazdqM0ZTcDg2TFhuZ3F5L0N1RXhlV3JOSFg2aDRSbll4NXZkdUU1enBuVzdpaWNSZFlqWlJhSGhPV0hLNUJ6SFFNU242dCtrWjFwM0w1N2RDM1RveTBpcTRRSlkxcStCOFB0T1NFdVhrWElONHhPeWs3N3NmNjdzU1hVakJHZ3M2bGJoenhxNG1JWjRzVnB3aWl2SzViVk9uRDlPYysyQmltdjhaYlM4cHdFZm0wVjduRlRtR09oYndyM2dCSDBuNDdTdmJlRnVNQTRPZTJUTFI1NEZWenFUTmxYc3Z2SjE4Q0hZUHhmaEk1d1RGeGhXeG9leGhoNzZXL1NTLS1ma0l3OVN1cmhNZDdhalNwU1c0YUp3PT0%3D--0d6cca4b92cbcee30e62e57255a6dae5fae8fb40; domain=brandfolder.com; path=/; expires=Wed, 13 May 2026 21:46:34 GMT; secure; HttpOnly

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000

Date

Other

Wed, 13 May 2026 02:46:34 GMT

Link

Other

URL https://static.brandfolder.com/packs/css/application-1ee8a0a0.css

rel=preload as=style nopush

URL https://static.brandfolder.com/assets/application-42dd9c29a5f9e8a4cfe98fc1c55a35a1b34d2a56f5c75db50ef9faa2ba49e891.css

rel=preload as=style nopush

URL https://static.brandfolder.com/packs/js/application-0cbebace3f698bd7f953.js

rel=preload as=script nopush

URL https://static.brandfolder.com/assets/gettext.iife.min-b321ea7d9c34f1e148e3027c39257986f8448c3700994e73e8e5429f370cc454.js

rel=preload as=script crossorigin=anonymous integrity=sha256-syHqfZw08eFI4wJ8OSV5hvhEjDcAmU5z6OVCnzcMxFQ= nopush

P3p

Other

CP="Prizza"

Via

Other

1.1 google

X-Request-Id

Other

7cc2668f-cf9c-4a9a-81b6-3c932d96107e

alt-svc: h3=":443"; ma=2592000
date: Wed, 13 May 2026 02:46:34 GMT
link: <https://static.brandfolder.com/packs/css/application-1ee8a0a0.css>; rel=preload; as=style; nopush,<https://static.brandfolder.com/assets/application-42dd9c29a5f9e8a4cfe98fc1c55a35a1b34d2a56f5c75db50ef9faa2ba49e891.css>; rel=preload; as=style; nopush,<https://static.brandfolder.com/packs/js/application-0cbebace3f698bd7f953.js>; rel=preload; as=script; nopush,<https://static.brandfolder.com/assets/gettext.iife.min-b321ea7d9c34f1e148e3027c39257986f8448c3700994e73e8e5429f370cc454.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha256-syHqfZw08eFI4wJ8OSV5hvhEjDcAmU5z6OVCnzcMxFQ=; nopush,<https://static.brandfolder.com/assets/application-61c872fa7c0d4a89bf2da769e79fe7a1576726b0c60b31d56cb4471d03ba31c8.js>; rel=preload; as=script; nopush
p3p: CP="Prizza"
via: 1.1 google
x-request-id: 7cc2668f-cf9c-4a9a-81b6-3c932d96107e

Recommendations

Enable compression (gzip/brotli) to improve performance