HTTP Headers Analysis for https://app.diagrams.net

Detected Technologies from Headers

See all in URL Inspect 10

Cloudflare CDN

draw.io

Dropbox

GitHub

GitLab

Google API JS Client

Google Fonts

OpenAI

Pusher

Microsoft SharePoint

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; connect-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Age

Caching

14

Cache-Control

Caching

public, max-age=600

Expires

Caching

Thu, 02 Apr 2026 12:16:12 GMT

age: 14
cache-control: public, max-age=600
expires: Thu, 02 Apr 2026 12:16:12 GMT

Content Headers

Content-Type

Content

text/html

content-type: text/html

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9e5fb51dcd8cd704-IAD

Date

Other

Thu, 02 Apr 2026 12:06:26 GMT

X-Cloud-Trace-Context

Other

d5855914d4827a8c3b5c06332b21f123

cf-cache-status: DYNAMIC
cf-ray: 9e5fb51dcd8cd704-IAD
date: Thu, 02 Apr 2026 12:06:26 GMT
x-cloud-trace-context: d5855914d4827a8c3b5c06332b21f123

Recommendations

Enable compression (gzip/brotli) to improve performance