HTTP Headers Analysis for https://app.mode.com

Detected Technologies from Headers

See all in URL Inspect 2

Envoy

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; style-src; +2 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate, no-store

Etag

Caching

W/"cebeaa2181b89485ddfc29f7d25a4663"

cache-control: max-age=0, private, must-revalidate, no-store
etag: W/"cebeaa2181b89485ddfc29f7d25a4663"

Content Headers

Content-Length

Content

8003

Content-Type

Content

text/html; charset=utf-8

content-length: 8003
content-type: text/html; charset=utf-8

Server Headers

Server

envoy

X-Runtime

Server

0.100520

server: envoy
x-runtime: 0.100520

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: tracking_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJaEZoTVRNeE9XRTNPV0kyTkdVR09nWkZSZz09IiwiZXhwIjpudWxsLCJwdXIiOiJjb29raWUudHJhY2tpbmdfdG9rZW4ifX0%3D--42e674eb3f95d19b1785165a7e80c2d4fc68e1b1; path=/; expires=Sun, 13 May 2046 00:32:03 GMT; HttpOnly; SameSite=None; Secure
_session_id=b7a70ca26a46055567d63f3143bdf16e; path=/; expires=Tue, 11 Aug 2026 00:32:03 GMT; secure; HttpOnly; SameSite=None

Other Headers

Date

Other

Wed, 13 May 2026 00:32:03 GMT

Link

Other

URL /assets/application-bed8e2460b0b9e2ad9babf2a59bd4182bece0c69335ed8114aeb39572c5539e9.css

rel=preload as=style nopush

URL /assets/mark_start-6c1973822e85515a1866251f47221fa14ddb81c2e2f161747684399651b28cc7.js

rel=preload as=script nopush

URL /assets/external-a5b370686b8f04901990d8f2e5291b9281cd21fa77fec60da9d638a9ff5a01ac.js

rel=preload as=script nopush

URL /assets/application-615349c7ba8266949e9b83521b2df30c1871c3973aae18e1e36fdc58f7e45de3.js

rel=preload as=script nopush

Server-Timing

Other

app;dur=86.4

Via

Other

1.1 varnish

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Download-Options

Other

noopen

X-Envoy-Upstream-Service-Time

Other

101

X-Mode-Cdn-Delivery

Other

1

X-Permitted-Cross-Domain-Policies

Other

none

X-Ratelimit-Limit

Other

200

X-Ratelimit-Remaining

Other

199

X-Request-Id

Other

94975d25-d56f-4643-9afa-c24726f37be9

X-Served-By

Other

cache-ewr-kewr1740035-EWR

date: Wed, 13 May 2026 00:32:03 GMT
link: </assets/application-bed8e2460b0b9e2ad9babf2a59bd4182bece0c69335ed8114aeb39572c5539e9.css>; rel=preload; as=style; nopush,</assets/mark_start-6c1973822e85515a1866251f47221fa14ddb81c2e2f161747684399651b28cc7.js>; rel=preload; as=script; nopush,</assets/external-a5b370686b8f04901990d8f2e5291b9281cd21fa77fec60da9d638a9ff5a01ac.js>; rel=preload; as=script; nopush,</assets/application-615349c7ba8266949e9b83521b2df30c1871c3973aae18e1e36fdc58f7e45de3.js>; rel=preload; as=script; nopush,</assets/mark_vendor-f611340c3512bd5cc2c9f5623b0e6c0749a729001082c8c724526e3b8de6dac3.js>; rel=preload; as=script; nopush
server-timing: app;dur=86.4
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-download-options: noopen
x-envoy-upstream-service-time: 101
x-mode-cdn-delivery: 1
x-permitted-cross-domain-policies: none
x-ratelimit-limit: 200
x-ratelimit-remaining: 199
x-request-id: 94975d25-d56f-4643-9afa-c24726f37be9
x-served-by: cache-ewr-kewr1740035-EWR

Recommendations

Enable compression (gzip/brotli) to improve performance