HTTP Headers Analysis for https://api.unsplash.com

Detected Technologies from Headers

See all in URL Inspect 10

AWS Active incidents

Cloudflare CDNJS

D3

Google Tag Manager

Heroku

jsDelivr

Statuspage

unpkg

Unsplash

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31449600

Content-Security-Policy

Basic

default-src; img-src; script-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept, Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept, Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=7200, private

Etag

Caching

W/"cfb053e0ae5bfe3f8a5ad45d1a1ee027"

cache-control: max-age=7200, private
etag: W/"cfb053e0ae5bfe3f8a5ad45d1a1ee027"

Content Headers

Content-Language

Content

en

Content-Length

Content

148146

Content-Type

Content

text/html; charset=utf-8

content-language: en
content-length: 148146
content-type: text/html; charset=utf-8

Server Headers

Server

Heroku

X-Powered-By

Server

hero-app

X-Runtime

Server

0.046096

X-Version

Server

97b475d17af70156b120f415c1ee0eabc879b2e7

server: Heroku
x-powered-by: hero-app
x-runtime: 0.046096
x-version: 97b475d17af70156b120f415c1ee0eabc879b2e7

CORS Headers

Access-Control-Allow-Origin

Cors

unsplash.com

access-control-allow-origin: unsplash.com

Cookies Headers

Set-Cookie

Cookies

set-cookie: un_sesh=SitmS2treTRLR1pCL0VTNVBZNXJqeU1Va3pkNkFVSkdLMUtzTEo4L014bFcxSUU1TCt4cjg4bjBYNnFqQjRXc0R1VUZ0WjZmYW5mQ2ttMzJVL29jQndQb2E3L1Z0elNhWGxzUXdlT3JtaGdTNkxQUXZaMHRTeGJGRlRiTWJQTHZqWmhTOXNXZERlYTNQREZzOTd4RUVmSDZWbG9nSkQ4dU5uN3ZIbVJZMFBQREVEZzF3Q2tWeEhOdy9WM1ZLaDlqTUg0T3R5d2x0cmhtdjI2aVZRa2ZXbFhYM0piVHJIQkdWVnVES3IvVjRUVXRMeDZyalJQQzRENFRLZkxDazlyY0pMWlJLdWpXOExPdUk3UVZjYjRWZyswRkFPRXEwaWVZTzlZR1Y1YVJmcTg9LS1VSlo4SmQ1VkNCSWMyTHllc2t6dVVRPT0%3D--c68363ffdfcc41247e1eee60635cc519e4348d85; path=/; expires=Fri, 11 May 2029 19:02:33 GMT; secure; HttpOnly; SameSite=Lax
require_cookie_consent=false; Expires=Tue, 11 May 2027 19:02:33 GMT; path=/;
xp-hyperclusters-effect-4=free-plus-20; expires=Tue, 11 May 2027 19:02:33 GMT; path=/;
xp-prices-2026=control; expires=Tue, 11 May 2027 19:02:33 GMT; path=/;
xp-search-value-backgrounds=control; expires=Tue, 11 May 2027 19:02:33 GMT; path=/;

Other Headers

Date

Other

Mon, 11 May 2026 19:02:33 GMT

Fastly-Backend-Name

Other

F_rails_backend

Fastly-Is-Origin

Other

1

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=WXKFSTdRDHhcl9%2FL1NeBkx1sR3x1bhtXP%2BrUKFL1MR8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1778526153

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=WXKFSTdRDHhcl9%2FL1NeBkx1sR3x1bhtXP%2BrUKFL1MR8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1778526153"

Via

Other

1.1 heroku-router, 1.1 varnish

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Request-Id

Other

478effcb-65b0-c6a5-8430-44d567365874

X-Served-By

Other

cache-pdk-katl1840096-PDK

date: Mon, 11 May 2026 19:02:33 GMT
fastly-backend-name: F_rails_backend
fastly-is-origin: 1
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=WXKFSTdRDHhcl9%2FL1NeBkx1sR3x1bhtXP%2BrUKFL1MR8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1778526153"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=WXKFSTdRDHhcl9%2FL1NeBkx1sR3x1bhtXP%2BrUKFL1MR8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1778526153"
via: 1.1 heroku-router, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-request-id: 478effcb-65b0-c6a5-8430-44d567365874
x-served-by: cache-pdk-katl1840096-PDK

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology