HTTP Headers Analysis for https://avatars.githubusercontent.com

Detected Technologies from Headers

See all in URL Inspect 7

GitHub

YouTube

Amazon S3

Azure Blob Storage

Contentful Fullstory GitHub Copilot

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains; preload

Content-Security-Policy

Good

default-src; base-uri; child-src; +12 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin, strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept-Language, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With

accept-ranges: bytes
connection: close
transfer-encoding: chunked
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept-Language, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"b418bd623d568beee4a773dba551b637"

cache-control: max-age=0, private, must-revalidate
etag: W/"b418bd623d568beee4a773dba551b637"

Content Headers

Content-Language

Content

en-US

Content-Type

Content

text/html; charset=utf-8

content-language: en-US
content-type: text/html; charset=utf-8

Server Headers

Server

github.com

server: github.com

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _gh_sess=q2%2FtdL8MEH9R0sdFYSvzzT6WlgoIIxvGJlQbs1m9YFNXHkPkoCFDAe5oAc7UiEXl5Ojwv418BSOiIBeNHt5nZ3FXUfyhhyPZx3qn1AZKuijFX81ts76Aa06h10cXc9lDJd%2BRzTbRK7YaXc3b7Qq9vb1%2FU%2FpsnDoBl2nIeBktfnyBbrCl7dVVi69PUTAQ1iOwDL%2FdL%2F21z6Ij9%2FtBXFOMRoQfXAF6bkF1HUQN6t5hn9cAKg1I1%2BtjUUiNEDZ6jv%2BmwMIu%2FL4GiOuap0GaXgY7Tg%3D%3D--GBTgE0b0TNqTnO5A--%2B3um4bETT0HjvJPNbBdlyA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
_octo=GH1.1.693863156.1771541477; Path=/; Domain=github.com; Expires=Fri, 19 Feb 2027 22:51:17 GMT; Secure; SameSite=Lax
logged_in=no; Path=/; Domain=github.com; Expires=Fri, 19 Feb 2027 22:51:17 GMT; HttpOnly; Secure; SameSite=Lax

Other Headers

Date

Other

Thu, 19 Feb 2026 22:51:16 GMT

X-Github-Request-Id

Other

D9A2:3D317B:100CC88:15E0246:699793E5

date: Thu, 19 Feb 2026 22:51:16 GMT
x-github-request-id: D9A2:3D317B:100CC88:15E0246:699793E5

Recommendations

Enable compression (gzip/brotli) to improve performance