HTTP Headers Analysis for https://checkout.airwallex.com

Detected Technologies from Headers

See all in URL Inspect 12

PayPal

Apple Pay

Cloudflare Active incidents

Cloudflare CDN

Google Cloud Storage

Google Pay

Google reCAPTCHA

Google Search

Google Static File Front End

Google Sign-In

Plaid

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Basic

default-src; connect-src; script-src; +10 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

accept-ranges: bytes
connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Age

Caching

1

Cache-Control

Caching

public,max-age=5,stale-while-revalidate=3600

Expires

Caching

Mon, 06 Apr 2026 19:48:19 GMT

Last-Modified

Caching

Mon, 30 Mar 2026 10:12:16 GMT

age: 1
cache-control: public,max-age=5,stale-while-revalidate=3600
expires: Mon, 06 Apr 2026 19:48:19 GMT
last-modified: Mon, 30 Mar 2026 10:12:16 GMT

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

Content-Type

access-control-allow-origin: *
access-control-expose-headers: Content-Type

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=YpYd6hDCceTGJFOihJyHqYMgSuMHmeN57BgDMynBh4M-1775504897.0056386-1.0.1.1-kcrdHIigJNNwqULSyF7Xwd2tYtSU7m1jP7tRfdlMhFxQiI8AYxSBm1XraXLqwuz9UVaAT353_eDDKBQCkzFX1gMcw_y3DDSdQHdCq7byPkVfLUg7gX4ZEzHxuK0HdCrc; HttpOnly; Secure; Path=/; Domain=airwallex.com; Expires=Mon, 06 Apr 2026 20:18:17 GMT

Other Headers

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9e834f264820c1cf-IAD

Date

Other

Mon, 06 Apr 2026 19:48:17 GMT

Report-To

Other

Group csp-endpoint max-age: 18w

Endpoint 1 https://o11y.airwallex.com/airtracker/csp-reports

Via

Other

1.1 google

X-B3-Traceid

Other

3e44042344cacdaa8ad94aca99098295

X-Goog-Generation

Other

1774865536199882

X-Goog-Hash

Other

crc32c=HowK/w==, md5=dNBIoO3R9nNlES2Y8W03+w==

X-Goog-Metageneration

Other

1

X-Goog-Storage-Class

Other

STANDARD

X-Goog-Stored-Content-Encoding

Other

identity

X-Goog-Stored-Content-Length

Other

1524

X-Guploader-Uploadid

Other

AMNfjG3seVcFZ7RWravF0Ba-eRVaFQewukbaEFbTI996T2w3b3WKlupKMNcokz3Z9dXmodNH

cf-cache-status: HIT
cf-ray: 9e834f264820c1cf-IAD
date: Mon, 06 Apr 2026 19:48:17 GMT
report-to: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o11y.airwallex.com/airtracker/csp-reports"}]}
via: 1.1 google
x-b3-traceid: 3e44042344cacdaa8ad94aca99098295
x-goog-generation: 1774865536199882
x-goog-hash: crc32c=HowK/w==, md5=dNBIoO3R9nNlES2Y8W03+w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1524
x-guploader-uploadid: AMNfjG3seVcFZ7RWravF0Ba-eRVaFQewukbaEFbTI996T2w3b3WKlupKMNcokz3Z9dXmodNH

Recommendations

Enable compression (gzip/brotli) to improve performance