HTTP Headers Analysis for https://avery.com

Detected Technologies from Headers

See all in URL Inspect 33

Amazon CloudFront

DebugBear

Google Tag Manager

SalesLoft Google Cloud Run

Amplitude

Braintree

Google Hosted Libraries

Google DoubleClick

Google Analytics

Google Conversion Tracking

Google Static File Front End

TikTok Analytics

Google Fonts

Osano

Cloudinary LiveChat

unpkg

Bootstrap

Google Search

Nginx

Facebook

Amazon S3

Adobe Fonts (Typekit)

Cloudflare CDNJS

AWS

jQuery

YouTube

Font Awesome

jsDelivr

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=3600;includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Basic

default-src; script-src; style-src; +9 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), camera=(), microphone=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding,accept-encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding,accept-encoding

Caching Headers

Age

Caching

17571

Cache-Control

Caching

max-age=86400

Expires

Caching

Wed, 18 Feb 2026 06:32:13 GMT

age: 17571
cache-control: max-age=86400
expires: Wed, 18 Feb 2026 06:32:13 GMT

Content Headers

Content-Type

Content

text/html;charset=UTF-8

content-type: text/html;charset=UTF-8

Server Headers

Server

nginx

server: nginx

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

DNT,X-Forwarded-For,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Access-Control-Allow-Methods

Cors

GET, POST, OPTIONS, PATCH, PUT

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Forwarded-For,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS, PATCH, PUT

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=hNkDnZ7aYnU3NwlwJT1dKCBJXaYWAPmksdFZuqzPgkuEWcRCX96/w/anHd5mCkaM5UNM0JjYw5aCrztPysrKk8mD3b8fa+d+R9x3YYcAMkbs9d/Bml4wmXgKrZ6v; Expires=Tue, 24 Feb 2026 06:32:13 GMT; Path=/
AWSALBCORS=hNkDnZ7aYnU3NwlwJT1dKCBJXaYWAPmksdFZuqzPgkuEWcRCX96/w/anHd5mCkaM5UNM0JjYw5aCrztPysrKk8mD3b8fa+d+R9x3YYcAMkbs9d/Bml4wmXgKrZ6v; Expires=Tue, 24 Feb 2026 06:32:13 GMT; Path=/; SameSite=None; Secure
AWSALB=zXnZJ1u3Q70cZqClIe4RkilHAV+5WvWj0fGnEue2lAxEitXmNYqXE4e48I5CyQWwaqLDLOICHLK5/H1dG3TwSzEDvmbwXU2l4VNyJmltk9PsyH4MadM5MJC9gT+i; Expires=Tue, 24 Feb 2026 06:32:13 GMT; Path=/
AWSALBCORS=zXnZJ1u3Q70cZqClIe4RkilHAV+5WvWj0fGnEue2lAxEitXmNYqXE4e48I5CyQWwaqLDLOICHLK5/H1dG3TwSzEDvmbwXU2l4VNyJmltk9PsyH4MadM5MJC9gT+i; Expires=Tue, 24 Feb 2026 06:32:13 GMT; Path=/; SameSite=None; Secure
JSESSIONID=7E5CC6DE77DFFDE455B34E790A0A5064; Path=/; Secure; HttpOnly; SameSite=Lax
opvc=2110d7a4-067d-49ba-987c-e8d9e315b489; Path=/; Secure; HttpOnly; SameSite=Lax
sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 02 Jan 2031 06:32:13 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
dmid=aa84a22e-c35d-4d7a-80df-8ddd8307e682; Max-Age=153792000; Expires=Thu, 02 Jan 2031 06:32:13 GMT; Path=/; Secure; HttpOnly; SameSite=Lax

Other Headers

Cloudfront-Viewer-Country

Other

US

Date

Other

Tue, 17 Feb 2026 06:32:13 GMT

Reporting-Endpoints

Other

csp-endpoint="/_api/csp-report"

Via

Other

1.1 60fed2a1edb7f0bf722e7271cef9573e.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

wACTmYvCVGQ618_IzA0uLa4zFbGgiW5y5Y5yTARy9gP2SAkw0DnsHw==

X-Amz-Cf-Pop

Other

IAD55-P10

X-Cache

Other

Hit from cloudfront

X-Dot-Server

Other

f316edd6aec8|d71343502d

X-Dotratelimit-Toks-Max

Other

10000/10000

X-Dotrequest-Cost

Other

36.00

cloudfront-viewer-country: US
date: Tue, 17 Feb 2026 06:32:13 GMT
reporting-endpoints: csp-endpoint="/_api/csp-report"
via: 1.1 60fed2a1edb7f0bf722e7271cef9573e.cloudfront.net (CloudFront)
x-amz-cf-id: wACTmYvCVGQ618_IzA0uLa4zFbGgiW5y5Y5yTARy9gP2SAkw0DnsHw==
x-amz-cf-pop: IAD55-P10
x-cache: Hit from cloudfront
x-dot-server: f316edd6aec8|d71343502d
x-dotratelimit-toks-max: 10000/10000
x-dotrequest-cost: 36.00

Recommendations

Enable compression (gzip/brotli) to improve performance