Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
connection: close
Caching Headers
Age
0
age: 0
Content Headers
Content-Length
133
Content-Type
application/vnd.contentful.management.v1+json
content-length: 133 content-type: application/vnd.contentful.management.v1+json
Server Headers
Server
Contentful
server: Contentful
CORS Headers
Access-Control-Allow-Headers
Accept,Accept-Language,Authorization,Cache-Control,Cf-Context,Cf-Trace,Content-Length,Content-Range,Content-Type,Destination,Dnt,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Contentful-Ai-Actions-Platform,X-Contentful-Async-Ai-Action,X-Contentful-Comment-Body-Format,X-Contentful-Content-Type,X-Contentful-Enable-Alpha-Feature,X-Contentful-Graphql-Access-Token,X-Contentful-Include-Invocation-Metadata,X-Contentful-Marketplace,X-Contentful-Organization,X-Contentful-Parent-Entity-Reference,X-Contentful-Parent-Id,X-Contentful-Personal-Intercept,X-Contentful-Skip-Transformation,X-Contentful-Skip-Ui-Draft-Validation,X-Contentful-Source-Environment,X-Contentful-Tag-Visibility,X-Contentful-Team,X-Contentful-Ui-Content-Auto-Save,X-Contentful-User-Agent,X-Contentful-User-Id,X-Contentful-Validate-Only,X-Contentful-Version,X-Http-Method-Override,X-Mx-Reqtoken,X-Requested-With
Access-Control-Allow-Methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Etag,X-Contentful-Ai-Actions-Ratelimit-Reset,X-Contentful-Request-Id,X-Thread-Id
Access-Control-Max-Age
1728000
access-control-allow-headers: Accept,Accept-Language,Authorization,Cache-Control,Cf-Context,Cf-Trace,Content-Length,Content-Range,Content-Type,Destination,Dnt,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Contentful-Ai-Actions-Platform,X-Contentful-Async-Ai-Action,X-Contentful-Comment-Body-Format,X-Contentful-Content-Type,X-Contentful-Enable-Alpha-Feature,X-Contentful-Graphql-Access-Token,X-Contentful-Include-Invocation-Metadata,X-Contentful-Marketplace,X-Contentful-Organization,X-Contentful-Parent-Entity-Reference,X-Contentful-Parent-Id,X-Contentful-Personal-Intercept,X-Contentful-Skip-Transformation,X-Contentful-Skip-Ui-Draft-Validation,X-Contentful-Source-Environment,X-Contentful-Tag-Visibility,X-Contentful-Team,X-Contentful-Ui-Content-Auto-Save,X-Contentful-User-Agent,X-Contentful-User-Id,X-Contentful-Validate-Only,X-Contentful-Version,X-Http-Method-Override,X-Mx-Reqtoken,X-Requested-With access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-origin: * access-control-expose-headers: Etag,X-Contentful-Ai-Actions-Ratelimit-Reset,X-Contentful-Request-Id,X-Thread-Id access-control-max-age: 1728000
Cookies Headers
Other Headers
Date
Tue, 05 May 2026 12:46:04 GMT
Server-Timing
miss, origin;dur=0
X-Cache
MISS
X-Contentful-Request-Id
38a02f26-27d4-41c0-8f64-ebe2172ce035
X-Served-By
cache-ewr-kewr1740077-EWR
date: Tue, 05 May 2026 12:46:04 GMT server-timing: miss, origin;dur=0 x-cache: MISS x-contentful-request-id: 38a02f26-27d4-41c0-8f64-ebe2172ce035 x-served-by: cache-ewr-kewr1740077-EWR
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching