HTTP Headers Analysis for https://blog.stackhawk.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Expired Certificate - the server's certificate has expired

Open Cached · just now

27 Headers

Detected Technologies from Headers

See all in URL Inspect 4

Cloudflare CDN

Google Fonts

jsDelivr

Sentry

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Weak

upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Basic

default-src; script-src; script-src-elem; +6 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), microphone=(), geolocation=*; +1 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Encoding, Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=86400, must-revalidate

Last-Modified

Caching

Wed, 13 May 2026 09:42:39 GMT

cache-control: max-age=86400, must-revalidate
last-modified: Wed, 13 May 2026 09:42:39 GMT

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Apo-Via

Other

tcache

Cf-Cache-Status

Other

HIT

Cf-Edge-Cache

Other

cache,platform=wordpress

Cf-Ray

Other

9fb0b6e25e1fcd1b-IAD

Date

Other

Wed, 13 May 2026 09:42:39 GMT

Report-To

Other

Group csp-endpoint max-age: 52w

Endpoint 1 https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31

Reporting-Endpoints

Other

default-endpoint="https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31";

X-Cache

Other

MISS

X-Cache-Group

Other

normal

X-Cacheable

Other

SHORT

X-Permitted-Cross-Domain-Policies

Other

none

alt-svc: h3=":443"; ma=86400
cf-apo-via: tcache
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 9fb0b6e25e1fcd1b-IAD
date: Wed, 13 May 2026 09:42:39 GMT
report-to: {"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31"}],"include_subdomains":true}
reporting-endpoints: default-endpoint="https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31";
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance