HTTP Headers Analysis for https://analytics.shift365.com

Detected Technologies from Headers

See all in URL Inspect 27

Adobe Target

PayPal

YouTube

Adobe Audience Manager

Adobe Dynamic Tag Management

Adobe Experience Cloud

Adobe Fonts (Typekit)

Braintree

Facebook

Google Analytics

Google API JS Client

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Pay

Google reCAPTCHA

Google Search

Google Static File Front End

Google Tag Manager

New Relic

Nginx

PHP

Report URI

Sentry

unpkg

Vimeo

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Basic

upgrade-insecure-requests; font-src; form-action; +14 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, must-revalidate, no-cache, no-store

Expires

Caching

Sun, 23 Feb 2025 00:52:06 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 23 Feb 2025 00:52:06 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

nginx

X-Powered-By

Server

PHP/8.3.30

server: nginx
x-powered-by: PHP/8.3.30

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: X-Magento-Vary=79afd6fb6879dec2cb6edd27357bddec61dffbef1908d18b209b76304aff5ef3; expires=Mon, 23 Feb 2026 01:52:06 GMT; Max-Age=3600; path=/; secure; HttpOnly; SameSite=Lax; Secure
lagrange_session=88444b7a-81e8-4946-a86d-6cb2a2a0dabc; Path=/; Max-Age=1800; HttpOnly; Secure; SameSite=Lax
wcid=PSPADtOUspQkAAAB; Path=/; Domain=127.0.0.1; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax

Other Headers

Date

Other

Mon, 23 Feb 2026 00:52:06 GMT

Login-Required

Other

true

Report-To

Other

Group report-endpoint max-age: 18w

Endpoint 1 https://shift365.report-uri.com/r/d/csp/reportOnly

date: Mon, 23 Feb 2026 00:52:06 GMT
login-required: true
report-to: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/shift365.report-uri.com\/r\/d\/csp\/reportOnly"}]}

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology