HTTP Headers Analysis for https://api.shipcloud.io

Detected Technologies from Headers

See all in URL Inspect 3

Intercom

Nginx

Report URI

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Basic

child-src; connect-src; default-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Present

SAMEORIGIN, DENY

X-Content-Type-Options

Present

nosniff, nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Origin

connection: close
vary: Origin

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"921cb6fcdb8a34eb4f0e6a50fe0534a3"

cache-control: max-age=0, private, must-revalidate
etag: W/"921cb6fcdb8a34eb4f0e6a50fe0534a3"

Content Headers

Content-Length

Content

8748

Content-Type

Content

text/html; charset=utf-8

content-length: 8748
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.010408

server: nginx
x-runtime: 0.010408

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _shipcloud_session=q0WHVYut3Q4cpyECGOYla3GEGrdbLqhQDYXweX%2FyHbH%2FIWRz9JlJqQGjPTkOIWJGa4PHIoJHMQi%2F9%2FNa4zvvCA3FEx22fw4DQEP4CZuixN1mc0tYECMQLFBtGFplz2NMk1nLTUdLKFLgGySCtD65Oshd9hQqkAc5KzFPc24B2R46ZROjQBKgl%2Fp%2BFpGJIUXHUTy4v2weAl%2Fyrgm4ZRKTZiCsOVZCvGKd75J7wwl5vup%2FZoC0JJZOO8OBNddYQQnNu1sCBurmf5PEEbRT0Z2oRvoIo3nZvwjMsOQ%3D--Ly4r6ZCtZZzxfQbS--FF7EXWWf%2BrDV3NxcBrQ5MQ%3D%3D; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Sun, 10 May 2026 01:24:28 GMT

Link

Other

URL /assets/registration_application-0dbe87725155d853879a280d40d7e4caad30bd18d686fe9869bbfd1444846a62.css

rel=preload as=style nopush

URL /assets/bs_error_monitoring.min-d7a2520867e5c6544da70a3cc887c92c97d528fb391d8bb381de7e3f85d25385.js

rel=preload as=script nopush

URL /assets/full_application-af321d4cf0ec1c60cfc3af7e9cca72d28d95c590d49a3b598f3a041299b354c8.js

rel=preload as=script nopush

URL https://selfservice.billwerk.com/subscription.js

rel=preload as=script nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

2b57b679-9908-41aa-8c48-0c005337469d

date: Sun, 10 May 2026 01:24:28 GMT
link: </assets/registration_application-0dbe87725155d853879a280d40d7e4caad30bd18d686fe9869bbfd1444846a62.css>; rel=preload; as=style; nopush,</assets/bs_error_monitoring.min-d7a2520867e5c6544da70a3cc887c92c97d528fb391d8bb381de7e3f85d25385.js>; rel=preload; as=script; nopush,</assets/full_application-af321d4cf0ec1c60cfc3af7e9cca72d28d95c590d49a3b598f3a041299b354c8.js>; rel=preload; as=script; nopush,<https://selfservice.billwerk.com/subscription.js>; rel=preload; as=script; nopush,</assets/pactas_itero-a6c8fb13d80912b0ef8091c50d507c6861d44f412be6edea8b610d55a2d7e825.js>; rel=preload; as=script; nopush,</assets/zendesk_widget_settings-591f9e93056c55657c3f5bf4682367b77bc3753a74ed4131eb78f49f1915300d.js>; rel=preload; as=script; nopush
x-permitted-cross-domain-policies: none
x-request-id: 2b57b679-9908-41aa-8c48-0c005337469d

Recommendations

Enable compression (gzip/brotli) to improve performance