HTTP Headers Analysis for https://app.phrase.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; worker-src; report-uri

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

4 headers

Cache-Control

Caching

no-store

Etag

Caching

W/"b353a7e3f163488ac80bc2b04585d0e1"

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

9711

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

phrase.com

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_phrase_session_sec=mvDL6C5BYKFmoN0EfPL%2Bx0LMEIOMnhCljM3pl3YK%2FAmZkOCJ%2BU9aAuvN8YT973J6nwRQDfE8s5pV4Pow5seDD5bNxpL4I001DFDn%2F1nluhGaQWAssEdZTwmvczF8NXgOVNf8kCHaY0OhBLbkFWlkSZTSLdoEMji%2B3SvXCZQUlGzrJ9eAOyK6gQhO5nYTrRRx%2Buc7rurDC8oHFvxIGaDTgbpn8JZTr05q3iqS98MGTZ1LDoN%2F%2FB9NWjDVoAAWH5wvs97jSeKIWTWtP76AGjLkyuVHEMhTHo8qZn2VBAS3tkBR57VJXRZ3JUbPg%2BL0tdmaYA%3D%3D--MFAD1jWTMISHMnRt--Rct6gyKypo8b%2BBlWrWTulQ%3D%3D; path=/; expires=Thu, 29 Jan 2026 21:04:40 GMT; secure; HttpOnly; SameSite=Lax

Other Headers

10 headers

Date

Other

Tue, 30 Dec 2025 21:04:40 GMT

Link

Other

<https://d20j2y33fgycdj.cloudfront.net/assets/application-136536f87fabcd45fa002fad7fe03c24bd2abd72f319976cf057e1591677bb44.js>; rel=preload; as=script; nopush,<https://d20j2y33fgycdj.cloudfront.net/assets/javascript-cfaa214100006d021c6fe87e4fa1d26737907cd900efb66e925bc18bb5c9a6aa.js>; rel=preload; as=script; nopush,<https://d20j2y33fgycdj.cloudfront.net/assets/application-823b0d57dad0ad32b211ad48e568e5113466d98f58e84635ee71cc763698e111.css>; rel=preload; as=style; nopush,<https://browser.sentry-cdn.com/7.7.0/bundle.min.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha384-zVycKakbFST6m0pi9RFIAnb5nw7mrA1n/mE4C8grImB4B6iqCp/0LHOcTIu9AI7+; nopush

Via

Other

1.1 a01680a1fee7e35f1738191420d98822.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

UC_rMYbheBucpEnj1UB-NNGkw7RuDA0HYiPooDHJQFeM3XfZM5Oi4g==

X-Amz-Cf-Pop

Other

IAD12-P1

X-Cache

Other

Miss from cloudfront

X-Generated

Other

2025-12-30T21:04:40+00:00

X-Permitted-Cross-Domain-Policies

Other

none

X-Robots-Tag

Other

noindex

X-Server

Other

translation-center-web-69f8d88f9d-nd68p

Recommendations

Enable compression (gzip/brotli) to improve performance