Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Strong
base-uri; connect-src; default-src; +10 more
base-uri 'none'; connect-src https://m.stripe.com https://t.stripe.com https://*.hcaptcha.com https://edge.stripe.com https://errors.stripe.com https://hcaptcha.com https://r.stripe.com https://sourcemaps.corp.stripe.com https://stripe.com https://connect-js.stripe.com 'self'; default-src 'none'; font-src https://a300.stripecdn.com; form-action 'none'; frame-ancestors 'none'; frame-src https://*.hcaptcha.com https://a.stripecdn.com https://b.stripecdn.com https://hcaptcha.com https://js.stripe.com https://connect-js.stripe.com; img-src https://t.stripe.com data: https://files.stripe.com https://q.stripe.com https://s3.amazonaws.com/stripe-uploads/ 'self' https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net; script-src https://*.hcaptcha.com https://a300.stripecdn.com https://hcaptcha.com https://js.stripe.com https://connect-js.stripe.com/v0.1/connect.js 'nonce-csvlBR3dJM0a54ymPH5iAA==' 'self' 'sha256-+sBr+ZcvoSOxP7Tk8LPeyMQbga8JB9stptcp/idxRCI=' 'sha256-X282X6GM6HOVS4ZlarVs8J6sTL4pCBCyjJ1mGXPnx2c=' 'report-sample'; style-src https://*.hcaptcha.com https://a300.stripecdn.com https://hcaptcha.com 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk=' 'sha256-H6kR2Irnq6yhQutut2icFv4LPYJFqqRXRNODTKX8CTg='; worker-src https://connect-js.stripe.com/v0.1/connect.js; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=A_fhkT9c8T60fX43Rutm7obKrJIyor9fJAt825FVD8lkYCer3CVoKKD38Bqw9298vEWTlWxh7RTdLQ%3D%3D
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add X-Content-Type-Options: nosniff
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
max-age=0, no-cache, no-store, must-revalidate
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
111455
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
stripe.customerportal.csrf=UJ34lFeBWnvSXWlq-bLVYvGxCJOVl2urLJRU6PiqIsdVla4VAHlfHj5Q4UuCOMWuoQv8KPQxmOVIBJrfOyeEODw-AfwhO1TKVBByVsnxixuA2DjJrlnAFK6GTh5AExcEY5oHWEdqAw%3D%3D; path=/; secure; HttpOnly; SameSite=Strict
Other Headers
9 headers
Cross-Origin-Opener-Policy-Report-Only
Other
unsafe-none; report-to="wsp_coop"
Date
Other
Fri, 26 Dec 2025 10:35:09 GMT
Report-To
Other
{"group":"wsp_coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report?s=A_fhkT9c8T60fX43Rutm7obKrJIyor9fJAt825FVD8lkYCer3CVoKKD38Bqw9298vEWTlWxh7RTdLQ=="}],"include_subdomains":true},{"group":"wsp_coep","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coep-report?s=A_fhkT9c8T60fX43Rutm7obKrJIyor9fJAt825FVD8lkYCer3CVoKKD38Bqw9298vEWTlWxh7RTdLQ=="}],"include_subdomains":true}
Reporting-Endpoints
Other
wsp_coop="https://q.stripe.com/coop-report?s=A_fhkT9c8T60fX43Rutm7obKrJIyor9fJAt825FVD8lkYCer3CVoKKD38Bqw9298vEWTlWxh7RTdLQ==",wsp_coep="https://q.stripe.com/coep-report?s=A_fhkT9c8T60fX43Rutm7obKrJIyor9fJAt825FVD8lkYCer3CVoKKD38Bqw9298vEWTlWxh7RTdLQ=="
Request-Id
Other
req_sv8AdHCn1KCasu
X-Robots-Tag
Other
none
X-Stripe-Proxy-Response
Other
upstream
X-Stripe-Server-Rpc-Duration-Micros
Other
161542
X-Wc
Other
ABCEFGHIJ
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 826ms