HTTP Headers Analysis for https://api.plooto.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-store, must-revalidate, no-cache, max-age=0

Expires

Caching

-1,Mon, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache,no-cache

Content Headers

0 headers

No content headers found

Server Headers

1 headers

Server

cloudflare

CORS Headers

1 headers

Access-Control-Max-Age

Cors

300

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=wcgEG8jcNn06u3mcl5lkKLpL.1PRGlSOjSHKDz0GPnU-1768518972.4200728-1.0.1.1-H2B7RQqDYBKjrQNvFbwsKsYH9O5ZZU35K.mmz.e4DUI; HttpOnly; SameSite=None; Secure; Path=/; Domain=api.plooto.com

Other Headers

15 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9be914599f4f060e-IAD

Date

Other

Thu, 15 Jan 2026 23:16:12 GMT

Request-Context

Other

appId=cid-v1:adc3632d-6ee1-42fc-b6e1-6ec68155df73

Server-Timing

Other

cfEdge;dur=23,cfOrigin;dur=33

X-Cdn

Other

Cloudflare

X-Correlation-Id

Other

fe07b3fa-c55e-449f-b0ca-6451aeb2caa6

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Header-Group

Other

default

X-Management-Service

Other

d608a735-ab92-4422-93c8-83cb0b427756

X-Original-Host-Value

Other

api.plooto.com

X-Plooto-Id

Other

35b99f0b-428d-4680-8d49-b36cfd6052a8

X-Request-Id

Other

fdd4825e-a6b3-4481-9e29-6c040665ac07

X-Via

Other

api

Recommendations

Enable compression (gzip/brotli) to improve performance