HTTP Headers Analysis for https://cartstack.com

Detected Technologies from Headers

See all in URL Inspect 12

Gravatar

AWS

AWS CloudFront

Amazon S3

Cloudflare CDNJS

Font Awesome

Google Fonts

Google Hosted Libraries

jsDelivr

Nginx

PHP

Pusher

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Good

script-src; style-src; img-src; +12 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Age

Caching

35826

age: 35826

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

nginx/1.28.0

X-Powered-By

Server

PHP/8.3.26

server: nginx/1.28.0
x-powered-by: PHP/8.3.26

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALBTG=TreNsy90n5NQgr053goBRCUKerDTJ59aj5v8Tvl8XQ08qX7/nYd14EFC0QYU2ejEq191HJN4DxqWCir/hn2+H8NWvT57KHy24FDDTGSw/3RT36KdUYg5oZGKtQ1hYsOrwpY5dN2fyYqOZxyTbiXj+TSl73oAqpK1phyYTJHpPRPt; Expires=Wed, 08 Apr 2026 23:35:57 GMT; Path=/
AWSALBTGCORS=TreNsy90n5NQgr053goBRCUKerDTJ59aj5v8Tvl8XQ08qX7/nYd14EFC0QYU2ejEq191HJN4DxqWCir/hn2+H8NWvT57KHy24FDDTGSw/3RT36KdUYg5oZGKtQ1hYsOrwpY5dN2fyYqOZxyTbiXj+TSl73oAqpK1phyYTJHpPRPt; Expires=Wed, 08 Apr 2026 23:35:57 GMT; Path=/; SameSite=None; Secure
AWSALB=YTggBOjxm5tjqY1AHqpr9xhUChX2z7L57TI8OF2yh4E2qyqRrtXzL9XERf3I92GEu/klsKXTMjDuz+M5TmaPgGK9fJsaAQN3uN/Ht2/G8dOvdU12iE2jPEUH+4yD; Expires=Wed, 08 Apr 2026 23:35:57 GMT; Path=/
AWSALBCORS=YTggBOjxm5tjqY1AHqpr9xhUChX2z7L57TI8OF2yh4E2qyqRrtXzL9XERf3I92GEu/klsKXTMjDuz+M5TmaPgGK9fJsaAQN3uN/Ht2/G8dOvdU12iE2jPEUH+4yD; Expires=Wed, 08 Apr 2026 23:35:57 GMT; Path=/; SameSite=None; Secure
x-amz-continuous-deployment-state=AYABeGxl0yYCau7RO3cl65WePY8APQACAAFEABxkMTdydmc5Nm1tbzJ3LmNsb3VkZnJvbnQubmV0AAFHABVHMDU5NDU0ODMwRk5GN1gwQVRPSlMAAQACQ0QAGkNvb2tpZQAAAIAAAAAMWiTemfKkP%2Fc1p2LDADC5jGTFCzXIKTXKS%2Fx8YCRA1ERmYrwmsnqvYvIj8axz%2F4zBZIOXXfQpDPAwBM0cGBsCAAAAAAwABAAAAAAAAAAAAAAAAAAAOYfR1oWHTPt+RoK%2FCw91V%2F%2F%2F%2F%2F8AAAABAAAAAAAAAAAAAAABAAAADCk56KhIjhiUdEEiLeY%2Fc3KGckjPTyile9cAryk=; HttpOnly; Path=/; Expires=Thu, 02 Apr 2026 09:38:03 GMT

Other Headers

Date

Other

Wed, 01 Apr 2026 23:35:57 GMT

Via

Other

1.1 01767ca4222611269352c4c93a41c338.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

QBLcUxTd60fIZy18GbbDUpLZ3vQzLbhSizK5EaWJB_gYc3_4AxludA==

X-Amz-Cf-Pop

Other

IAD89-P4

X-Cache

Other

Hit from cloudfront

date: Wed, 01 Apr 2026 23:35:57 GMT
via: 1.1 01767ca4222611269352c4c93a41c338.cloudfront.net (CloudFront)
x-amz-cf-id: QBLcUxTd60fIZy18GbbDUpLZ3vQzLbhSizK5EaWJB_gYc3_4AxludA==
x-amz-cf-pop: IAD89-P4
x-cache: Hit from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology