HTTP Headers Analysis for https://app.ellect.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Etag

Caching

"u0crk7qwqf84h"

Content Headers

2 headers

Content-Length

Content

10529

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

X-Powered-By

Server

Next.js

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

space_info_1=%7B%22id%22%3A239%2C%22name%22%3A%22Ellect%22%2C%22description%22%3A%22Ellect%20enabling%20100%2C000%20women%20worldwide%20to%20achieve%20leadership%20and%20board%20roles%20by%202030.%22%2C%22logo%22%3A%7B%22original%22%3A%22uploads%2Fimages%2Fcommunities-logo%2Foriginal%2Fimg_239_1750734535307_3096.jpg%22%2C%22large%22%3A%22uploads%2Fimages%2Fcommunities-logo%2Flarge%2Fimg_239_1750734535307_3096.jpg%22%2C%22thumbnail%22%3A%22uploads%2Fimages%2Fcommunities-logo%2Fthumbnail%2Fimg_239_1750734535307_3096.jpg%22%7D%2C%22cover_image%22%3A%7B%22original%22%3A%22uploads%2Fimages%2Fcommunities-cover-image%2Foriginal%2Fimg_239_1750734536249_6108.jpg%22%2C%22large%22%3A%22uploads%2Fimages%2Fcommunities-cover-image%2Flarge%2Fimg_239_1750734536249_6108.jpg%22%7D%2C%22theme%22%3A%7B%22primary_base%22%3A%22%23440099%22%2C%22primary_10%22%3A%22%23571aa3%22%2C%22primary_20%22%3A%22%236933ad%22%2C%22primary_30%22%3A%22%237c4db8%22%2C%22primary_40%22%3A%22%238f66c2%22%2C%22primary_50%22%3A%22%23a280cc%22%2C%22primary_60%22%3A%22%23b499d6%22%2C%22primary_70%22%3A%22%23c7b3e0%22%2C%22primary_80%22%3A%22%23dacceb%22%2C%22primary_90%22%3A%22%23ece6f5%22%2C%22secondary_base%22%3A%22%238e7cc3%22%2C%22secondary_10%22%3A%22%239989c9%22%2C%22secondary_20%22%3A%22%23a596cf%22%2C%22secondary_30%22%3A%22%23b0a3d5%22%2C%22secondary_40%22%3A%22%23bbb0db%22%2C%22secondary_50%22%3A%22%23c7bee1%22%2C%22secondary_60%22%3A%22%23d2cbe7%22%2C%22secondary_70%22%3A%22%23ddd8ed%22%2C%22secondary_80%22%3A%22%23e8e5f3%22%2C%22secondary_90%22%3A%22%23f4f2f9%22%7D%2C%22space_white_label_config%22%3A%7B%22support_email_address%22%3A%22support%40ekos.ai%22%2C%22apple_store_app_id%22%3A%22id6746413353%22%2C%22play_store_app_id%22%3Anull%2C%22privacy_policy_link%22%3A%22https%3A%2F%2Fapp.ellect.com%2Ffiles%2Fprivacy_policy.html%22%2C%22terms_conditions_link%22%3A%22https%3A%2F%2Fapp.ellect.com%2Ffiles%2Fterms_conditions.html%22%7D%7D; Max-Age=600; Path=/; HttpOnly; Secure; SameSite=Lax

Other Headers

8 headers

Date

Other

Mon, 09 Feb 2026 09:25:19 GMT

Via

Other

1.1 8c35d9f8e012281d9fc1c918b8394b84.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

GRn5-rKWSeoN9NNrp1bbOGJ4usdHV5swvAce33HmYq1Z0t6BqqGV5g==

X-Amz-Cf-Pop

Other

IAD61-P9

X-Cache

Other

Miss from cloudfront

X-Custom-Domain-Name

Other

app.ellect.com

X-Custom-Domain-Type

Other

custom_domain

X-Middleware-Rewrite

Other

/app

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology