HTTP Headers Analysis for https://carto.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

upgrade-insecure-requests

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(), autoplay=(), camera=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), usb=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives

Performance Headers

2 headers

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

Caching Headers

3 headers

Age

Caching

149288

Cache-Control

Caching

public

Last-Modified

Caching

Thu, 06 Nov 2025 13:02:34 GMT

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=X.kxEKKvHPVwIsWN94edl3yZIUi.sa3hn4i6pJ5Fgm4-1762583442780-0.0.1.1-604800000; path=/; domain=.cdn.webflow.com; HttpOnly; Secure; SameSite=None

Other Headers

9 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

99b305f52dee44a6-IAD

Date

Other

Sat, 08 Nov 2025 06:30:42 GMT

Surrogate-Control

Other

max-age=432000

Surrogate-Key

Other

webflow.carto.com 6345207a1b18e581fcf67604 pageId:65e9f2a5aa591b41d23fcc95 65e9f2a5aa591b41d23fcc9a 65e9f2a5aa591b41d23fccab

Via

Other

1.1 google

X-Cluster-Name

Other

us-east-1-prod-hosting-red

X-Lambda-Id

Other

937052ed-2aec-4007-aaab-5d1f42a58c09

Recommendations

Enable compression (gzip/brotli) to improve performance