HTTP Headers Analysis for https://box.net

Detected Technologies from Headers

See all in URL Inspect 4

Box

Cloudflare CDN

Google Fonts

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; font-src Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Cookie,Box-Country,X-Box-Geo-Country,X-Frame-Options,Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Cookie,Box-Country,X-Box-Geo-Country,X-Frame-Options,Accept-Encoding

Caching Headers

Age

Caching

85306

Cache-Control

Caching

max-age=30, public, s-maxage=2592000

Expires

Caching

Sun, 19 Nov 1978 05:00:00 GMT

Last-Modified

Caching

Fri, 15 May 2026 21:27:03 GMT

age: 85306
cache-control: max-age=30, public, s-maxage=2592000
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Fri, 15 May 2026 21:27:03 GMT

Content Headers

Content-Language

Content

en

Content-Type

Content

text/html; charset=UTF-8

content-language: en
content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=EOiW1oiV9ETL.CL7OguMDbXEpo4wCfAZXBTpps1qs.Q-1778965730.2922714-1.0.1.1-XluJlbwhuiwU0RFGeidw4e2gd5j_WAGmw1G7Sz_tnza9Mkcw7GUhY5mgOy.gNlgiNZs2eEHrscQrAm8b8GoEjoqVqgqXhh2_r3Xdd7Q7yEO_nmrCnhe.B0JKYx3W2miV; HttpOnly; SameSite=None; Secure; Path=/; Domain=box.com; Expires=Sat, 16 May 2026 21:38:50 GMT

Other Headers

Aaa-Loc-Header

Other

US

Alt-Svc

Other

h3=":443"; ma=86400

Box-Country

Other

US

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9fcd5c265a57e5c1-IAD

Date

Other

Sat, 16 May 2026 21:08:50 GMT

Link

Other

URL

//assets.box.com

rel=preconnect crossorigin

Via

Other

varnish

X-Ah-Environment

Other

prod

X-Box-Geo-Country

Other

US

X-Cache

Other

HIT

X-Cache-Hits

Other

7

X-Request-Id

Other

v-d09c37d2-50a4-11f1-a97c-57af2b8cef72

aaa-loc-header: US
alt-svc: h3=":443"; ma=86400
box-country: US
cf-cache-status: HIT
cf-ray: 9fcd5c265a57e5c1-IAD
date: Sat, 16 May 2026 21:08:50 GMT
link: <//assets.box.com>; rel=preconnect; crossorigin
via: varnish
x-ah-environment: prod
x-box-geo-country: US
x-cache: HIT
x-cache-hits: 7
x-request-id: v-d09c37d2-50a4-11f1-a97c-57af2b8cef72

Recommendations

Enable compression (gzip/brotli) to improve performance