HTTP Headers Analysis for https://change.org

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Basic

default-src; font-src; img-src; +2 more

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

browsing-topics=(), web-share=(self "https://www.change.org" "https://*.chng.it" "https://chng.it")

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

3 headers

Connection

Performance

keep-alive

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

Caching Headers

2 headers

Cache-Control

Caching

no-cache

Etag

Caching

W/"57d33-Yxg3hfOn+QnU/VUjzPbMgOoYIvs"

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=qCw9qvMXD8U3cpM.Ieqo.0JQ4xa9DAODn29RuwiQt0c-1762501606019-0.0.1.1-604800000; path=/; domain=.change.org; HttpOnly; Secure; SameSite=None

Other Headers

7 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

99ab37fc6a5d28c6-IAD

Date

Other

Fri, 07 Nov 2025 07:46:46 GMT

X-Change-Cache

Other

HIT

X-Change-Render-Mode

Other

SSR

X-Request-Id

Other

17dc7632-41c4-417d-8854-f9d03abe2678

X-Session-Type

Other

legacy

Recommendations

Enable compression (gzip/brotli) to improve performance