HTTP Headers Analysis for https://api.cloudflare.com

Detected Technologies from Headers

See all in URL Inspect 10

Cloudflare CSP Monitoring Active incidents

YouTube

Adobe Marketo

Cloudflare

Cloudflare CDN

Cloudflare Stream

Cloudflare Web Analytics

Demandbase

Google Search

jsDelivr

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; preload

Content-Security-Policy

Basic

form-action; frame-src; frame-ancestors; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Age

Caching

68730

Cache-Control

Caching

public, max-age=0, s-maxage=2678400, must-revalidate

Last-Modified

Caching

Sun, 05 Apr 2026 10:01:27 GMT

age: 68730
cache-control: public, max-age=0, s-maxage=2678400, must-revalidate
last-modified: Sun, 05 Apr 2026 10:01:27 GMT

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=mmGNmqlBAT1yPFoOMnT3HkqHNe3dyLJGVKDUv1LwBbg-1775452018.6784244-1.0.1.1-u5dedzS3hrbnswRrl3Oj6JhfMnFry6_uPCFnkIvqzlnSuiZ0vCe04uZDB4XPIPvzYK5gTgoFNl1B17dC8jwATZtHr7u_7XDDI48X6F16aegH98ZnDxyRkakvHx6PzZWL; HttpOnly; Secure; Path=/; Domain=developers.cloudflare.com; Expires=Mon, 06 Apr 2026 05:36:58 GMT

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9e7e442cbbdbe623-IAD

Date

Other

Mon, 06 Apr 2026 05:06:58 GMT

Report-To

Other

Group cf-paxdwpuhjhhtjopw max-age: 1d

Endpoint 1 https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=riUHl9m8eAu3HQrJzfEFD2ZekvxYMh4lsTAAUAMfx3Y-1775452018.6784244-1.0.1.1-HTyTzJa06yyTQIxUIJJWtEN43Y4tOx2QNwHcpluNuh5BSvheQpMupIYYgoSXaiPlKeYFMlnlQ3kLmnm6MYsjIPhaIJZ8QkpDwqFqETVbz_EwDOOM9lllZ3hL3FzCQSJw_GTG8Upz89_EIMQOtNGsX5g5HjP35MbsE3iYREGHbY1X2PZNgv91mdo6CVOx2yGtoIo02vxd3_qzUyM4wDGCVQ

Server-Timing

Other

cfCacheStatus;desc="HIT", cfEdge;dur=9,cfOrigin;dur=0,cfWorker;dur=23

Speculation-Rules

Other

"/cdn-cgi/speculation"

X-Stainless-Deployed-Version

Other

doc_bui_2026-04-03_eac6ca23

X-Stainless-Project-Folder

Other

site_cloudflare_34f2a67d

alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 9e7e442cbbdbe623-IAD
date: Mon, 06 Apr 2026 05:06:58 GMT
report-to: {"group":"cf-paxdwpuhjhhtjopw","max_age":86400,"endpoints":[{"url":"https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=riUHl9m8eAu3HQrJzfEFD2ZekvxYMh4lsTAAUAMfx3Y-1775452018.6784244-1.0.1.1-HTyTzJa06yyTQIxUIJJWtEN43Y4tOx2QNwHcpluNuh5BSvheQpMupIYYgoSXaiPlKeYFMlnlQ3kLmnm6MYsjIPhaIJZ8QkpDwqFqETVbz_EwDOOM9lllZ3hL3FzCQSJw_GTG8Upz89_EIMQOtNGsX5g5HjP35MbsE3iYREGHbY1X2PZNgv91mdo6CVOx2yGtoIo02vxd3_qzUyM4wDGCVQ"}]}
server-timing: cfCacheStatus;desc="HIT", cfEdge;dur=9,cfOrigin;dur=0,cfWorker;dur=23
speculation-rules: "/cdn-cgi/speculation"
x-stainless-deployed-version: doc_bui_2026-04-03_eac6ca23
x-stainless-project-folder: site_cloudflare_34f2a67d

Recommendations

Enable compression (gzip/brotli) to improve performance