HTTP Headers Analysis for https://cdn.secure.espn.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for espn.com, *.internal.espn.com, *.us-east-1.aws.hosted.espn.com, *.espn.com, *.geo.hosted.espn.com, *.geo.internal.espn.com, not for cdn.secure.espn.com

Open Cached · just now

12 Headers

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers

Accept-Ranges

Performance

bytes

Connection

Performance

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

max-age=0, must-revalidate

Etag

Caching

W/"5732c9f0094e5c38c6df9f6dbf2e39f24eeb6698"

Content Headers

1 headers

Content-Type

Content

text/html;charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

Cookies Headers

1 headers

Set-Cookie

userab_1=eb2b8f1837a64d8bc6fcae98fc079414~ad_espn-403%2Atest-a-1674%2Ceapp_sc4u-414%2Ap-a-1739%2Ceapp_vertfy-532%2Ap-cfbf-2222%2Ceapp_verttab-533%2Atab-g-2239%2Cegc_bball_postmvp-506%2Agc-a-2107%2Cespn_app_homefeed_31_app-494%2Ahfa-v-2064%2Cespn_mweb_pl-536%2Ap-a-2254%2Cespn_my_news_design_a-87%2Amy_news_variation1-308%2Cespn_onefeed_my_news-406%2Aplethora-a-1691%2Cespn_sb_pb-450%2Aa-1865%2Cespn_watch_for_you-409%2Awatch-fy-a-1711%2Cespn_watch_for_you_web-392%2Awatch-fy-a-1642%2Cespn_watch_rfy_latest-410%2Awatch-fy-a-1716%2Cespn_web_pl-537%2Ap-a-2259%2Ceweb_bncp_pref-464%2Avariant_a-1909%2Ceweb_bncp_react-524%2Avariant_a-2197%2Ceweb_bncp_search-463%2Avariant_a-1908%2Ceweb_nav-437%2Anav_a-1815%2Ceweb_oly-513%2Aa-2145%2Cexm_test-379%2Avariant_b3_new-1573%2Cplayer_next_live-535%2Awatch-fy-a-2249%2Cplayer_next_short-54%2Aa-163%2Cweb_index1_pres-99%2Aenhanced-346; Expires=Tue, 10 Feb 2026 11:18:25 GMT; Domain=cdn.secure.espn.com; Path=/

Other Headers

2 headers

Date

Other

Tue, 10 Feb 2026 07:18:25 GMT

Via

Other

1.1 db1ee60dd72e (Varnish/7.5)

Recommendations

Enable compression (gzip/brotli) to improve performance