HTTP Headers Analysis for https://admin.productplan.com

Detected Technologies from Headers

See all in URL Inspect 14

Cloudflare CDN

Google Fonts

Google Optimize

Google Sign-In

Google Tag Manager

Heroku

HubSpot

Pendo

Pusher

Recurly

Stripe

Vimeo

Wistia

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Basic

default-src; connect-src; font-src; +7 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-store

Expires

Caching

-1

Pragma

Caching

no-cache

cache-control: no-store
expires: -1
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

X-Runtime

Server

0.018688

server: cloudflare
x-runtime: 0.018688

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _pplan_session=lPwwUC8vWEkNvn4ipdbEsbhDzIPublBjdX%2B83DCj3VIxr1qjm5ZXBgCHrgj%2F%2FckNqiYce%2FAkANDRu8IskLM73VTLCaNJslz%2B1xEpu%2B6smdAZl8QN7zGeivp2grawzPZJhCVE2XkJzx5TQI72LnzGRff9kyqF30kQ%2ByBmrxtYCKLixaolZuhNLbTXxzny%2BkOJXivNxlR8isuVautJ4WvzatTvlZCYBUPmLqsVeOh2YsyWte8Oh68UrsIic6e9d%2FAGQNaxppSGV%2FOxo06KL7JAsyh9jdPAfbY%2BTJWEYuejnE77QGcWOD3Ohhuy2xCc9VrzwIw3o%2B8Xt7KVmTZwaSvEda1r2PptFCfe%2BZwgpKJ%2BozZ0qA%2FxVAj6J5Xz%2F00oYKmbA1I%3D--10aPR9AUCSIgDOxL--Dqlf4ZPns7a6dunUYxoaRg%3D%3D; path=/; secure; HttpOnly

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9fc8a53328fb51c4-IAD

Date

Other

Sat, 16 May 2026 07:24:53 GMT

Link

Other

URL https://assets0.productplan.com/assets/active_admin-5d6f00b88f234dcd408ce3db81690c07dac6b6bf997ab9ec04c7ee50aa880d0b.css

rel=preload as=style nopush

URL https://assets0.productplan.com/assets/active_admin-498b41e3a5da05601ad0367cd805e434b740e9b7a9776a73a4d07d5df7406f89.js

rel=preload as=script nopush

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=HAez%2BzcYXmapx8Wj8SLMFKU0frdP4MFFWENqVdJCbFw%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1778916293

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=HAez%2BzcYXmapx8Wj8SLMFKU0frdP4MFFWENqVdJCbFw%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1778916293"

Server-Timing

Other

cfCacheStatus;desc="DYNAMIC", cfEdge;dur=9,cfOrigin;dur=23

Via

Other

2.0 heroku-router

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

df31128d-6080-ce26-ed71-84dd5babfc61

X-Robots-Tag

Other

none, noindex, nofollow, noarchive, nosnippet, notranslate, noimageindex

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9fc8a53328fb51c4-IAD
date: Sat, 16 May 2026 07:24:53 GMT
link: <https://assets0.productplan.com/assets/active_admin-5d6f00b88f234dcd408ce3db81690c07dac6b6bf997ab9ec04c7ee50aa880d0b.css>; rel=preload; as=style; nopush,<https://assets0.productplan.com/assets/active_admin-498b41e3a5da05601ad0367cd805e434b740e9b7a9776a73a4d07d5df7406f89.js>; rel=preload; as=script; nopush
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=HAez%2BzcYXmapx8Wj8SLMFKU0frdP4MFFWENqVdJCbFw%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1778916293"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=HAez%2BzcYXmapx8Wj8SLMFKU0frdP4MFFWENqVdJCbFw%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1778916293"
server-timing: cfCacheStatus;desc="DYNAMIC", cfEdge;dur=9,cfOrigin;dur=23
via: 2.0 heroku-router
x-permitted-cross-domain-policies: none
x-request-id: df31128d-6080-ce26-ed71-84dd5babfc61
x-robots-tag: none, noindex, nofollow, noarchive, nosnippet, notranslate, noimageindex

Recommendations

Enable compression (gzip/brotli) to improve performance