HTTP Headers Analysis for https://app.yellow.ai

Detected Technologies from Headers

See all in URL Inspect 1

Cloudflare CDN

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

accept-ranges: bytes
connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-store, no-store

Expires

Caching

0

Last-Modified

Caching

Wed, 10 Sep 2025 05:12:28 GMT

cache-control: no-store, no-store
expires: 0
last-modified: Wed, 10 Sep 2025 05:12:28 GMT

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,bot,platform

Access-Control-Allow-Methods

Cors

GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,bot,platform
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH

Cookies Headers

Set-Cookie

Cookies

set-cookie: _csrf=ia61YXKDZI012N21Hr4DSe3L; Path=/
_csrf=GVm1Wj5m-XjLdkYUnFRaHDO3Ukyam3FMWH8c; Path=/; HttpOnly; Secure; SameSite=Lax

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9e47006b5eaee625-IAD

Date

Other

Mon, 30 Mar 2026 12:08:47 GMT

Feature-Policy

Other

geolocation 'self'

cf-cache-status: DYNAMIC
cf-ray: 9e47006b5eaee625-IAD
date: Mon, 30 Mar 2026 12:08:47 GMT
feature-policy: geolocation 'self'

Recommendations

Enable compression (gzip/brotli) to improve performance