HTTP Headers Analysis for https://atrium.mx.com

Detected Technologies from Headers

See all in URL Inspect 2

Nginx

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"b3c7fc556326451a77e66d6d35dedd86"

Expires

Caching

0

Pragma

Caching

no-store

cache-control: no-store
etag: W/"b3c7fc556326451a77e66d6d35dedd86"
expires: 0
pragma: no-store

Content Headers

Content-Length

Content

3956

Content-Type

Content

text/html; charset=utf-8

content-length: 3956
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

server: nginx

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _longbow_app_session=3921927d5810183bf6c0226047880011; domain=mx.com; path=/; expires=Wed, 06 May 2026 23:43:15 GMT; secure; HttpOnly; SameSite=Lax

Other Headers

Allow

Other

GET, PUT, POST, DELETE, HEAD, OPTIONS, GET, PUT, POST, DELETE, HEAD, OPTIONS

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Wed, 06 May 2026 23:13:15 GMT

Link

Other

URL /javascripts/ashitaka/bundle.js?cacheKey=default

rel=preload as=script nopush

URL /assets/insighttarget-font-2c8de33e3024ac8c993d51b0fc447faddf5fe5d3729eea77c817387b40b38e56.css

rel=preload as=style nopush

URL /assets/unauthenticated-f9acc1bba51d074e1a7769a0115f032cff45495ef6961250c1875905770a0e9c.css?v=00001

rel=preload as=style nopush

Via

Other

1.1 varnish

X-B3-Spanid

Other

5447782ab02106b4, f21af32ca7611fc6

X-B3-Traceid

Other

69fbcb0b00000000f21af32ca7611fc6, 69fbcb0b00000000f21af32ca7611fc6

X-Cache

Other

MISS, MISS

X-Cache-Hits

Other

0, 0

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

d3ad1fdf-dfd9-4733-bfca-b43767779c7a

X-Served-By

Other

cache-iad-kjyo7100069-IAD, cache-iad-kjyo7100164-IAD

allow: GET, PUT, POST, DELETE, HEAD, OPTIONS, GET, PUT, POST, DELETE, HEAD, OPTIONS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
date: Wed, 06 May 2026 23:13:15 GMT
link: </javascripts/ashitaka/bundle.js?cacheKey=default>; rel=preload; as=script; nopush,</assets/insighttarget-font-2c8de33e3024ac8c993d51b0fc447faddf5fe5d3729eea77c817387b40b38e56.css>; rel=preload; as=style; nopush,</assets/unauthenticated-f9acc1bba51d074e1a7769a0115f032cff45495ef6961250c1875905770a0e9c.css?v=00001>; rel=preload; as=style; nopush
via: 1.1 varnish
x-b3-spanid: 5447782ab02106b4, f21af32ca7611fc6
x-b3-traceid: 69fbcb0b00000000f21af32ca7611fc6, 69fbcb0b00000000f21af32ca7611fc6
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-permitted-cross-domain-policies: none
x-request-id: d3ad1fdf-dfd9-4733-bfca-b43767779c7a
x-served-by: cache-iad-kjyo7100069-IAD, cache-iad-kjyo7100164-IAD

Recommendations

Enable compression (gzip/brotli) to improve performance