HTTP Headers Analysis for https://beta.zettle.com

Detected Technologies from Headers

See all in URL Inspect 35

PayPal

AWS API Gateway

AWS CloudFront

YouTube

Google AdSense

Google Tag Manager

Azure Blob Storage

Envoy

Google DoubleClick

Google Analytics

Microsoft Advertising

Google Conversion Tracking

Loggly

Google Static File Front End

LaunchDarkly

Next.js

Google API JS Client

Google Fonts

Hotjar

LiveChat

unpkg

Google Search

Facebook

Amazon S3

OneTrust

Salesforce Sites

Storyblok

AWS

jQuery

Salesforce Pardot

Taboola

Vimeo

Sentry

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; connect-src; frame-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Etag

Caching

"9llwrl3i162p65"

cache-control: private, no-cache, no-store, max-age=0, must-revalidate
etag: "9llwrl3i162p65"

Content Headers

Content-Length

Content

126549

Content-Type

Content

text/html; charset=utf-8

content-length: 126549
content-type: text/html; charset=utf-8

Server Headers

Server

envoy

X-Powered-By

Server

Next.js

server: envoy
x-powered-by: Next.js

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Sat, 09 May 2026 16:45:28 GMT

Req-Id

Other

ad785edf-7005-4d23-a97d-2dde92c1eeae

Via

Other

1.1 aadad266be53162e069ead52871dac74.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

jXeIvBgXERbM2i-FrvTWrMTR-PSlGNKMO6ATDekMakj0amC6lLTi6g==

X-Amz-Cf-Pop

Other

IAD61-P4

X-Cache

Other

Miss from cloudfront

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Envoy-Upstream-Service-Time

Other

50

X-Permitted-Cross-Domain-Policies

Other

none

date: Sat, 09 May 2026 16:45:28 GMT
req-id: ad785edf-7005-4d23-a97d-2dde92c1eeae
via: 1.1 aadad266be53162e069ead52871dac74.cloudfront.net (CloudFront)
x-amz-cf-id: jXeIvBgXERbM2i-FrvTWrMTR-PSlGNKMO6ATDekMakj0amC6lLTi6g==
x-amz-cf-pop: IAD61-P4
x-cache: Miss from cloudfront
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 50
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology