HTTP Headers Analysis for https://app.staging.teamable.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Good

default-src; font-src; img-src; +6 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding, Origin

Caching Headers

2 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Etag

Caching

W/"b1a6dff3d0f3124fc91d6ee15be1040d"

Content Headers

2 headers

Content-Length

Content

2462

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

X-Runtime

Server

0.493205

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_topfunnel-web_session=daaa927a5e3098a3d019bcaa0d3e0e84; path=/; secure; HttpOnly; SameSite=None

Other Headers

6 headers

Date

Other

Wed, 14 Jan 2026 11:55:12 GMT

Link

Other

</assets/application-7cb8f7cede6e03c385c8bb17f483c9551cc8d5ffd74b04106fb2be1f5d447d2a.css>; rel=preload; as=style; nopush,<https://cdnjs.cloudflare.com/ajax/libs/airbrake-js/1.1.1/client.min.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha384-h0QKNlW0VnCEOsIL5LJm5XYn3fw8/n2jO0xGqIMHBMt7WbGqbP7XwiXs+dtpI6mT; nopush,</assets/application-687171195d95b69b3de1a346a192f02f2d9e0b14f2a98be5d9cbcdb776997d71.js>; rel=preload; as=script; nopush

Report-To

Other

{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"/csp-violation-report"}]}

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

866ffe37-ac76-4032-a81f-3581ff8a1322