HTTP Headers Analysis for https://cheqroom.com

Detected Technologies from Headers

See all in URL Inspect 31

AWS CloudFront

Tailwind CSS

YouTube

AWS Active incidents

Amazon S3

Microsoft Advertising

ClickCease

Cloudflare CDN

Cloudflare Web Analytics

Cookiebot

Craft CMS

Crazy Egg

Dreamdata

Google AdSense

Google Analytics

Google DoubleClick

Google Hosted Libraries

Google Search

Google Tag Manager

HubSpot

HubSpot Analytics

HubSpot CMS

HubSpot Forms

HubSpot Live Chat

jsDelivr

Microsoft Clarity

Navattic

Spotify

Typeform

Vector

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Basic

report-uri; report-to; base-uri; +12 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

public, s-maxage=31536000, max-age=0

cache-control: public, s-maxage=31536000, max-age=0

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

X-Powered-By

Server

Craft CMS,Blitz

server: cloudflare
x-powered-by: Craft CMS,Blitz

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: CheqroomBrowserCacheCleared1=d7a4a6511968a4ad9393e25c6da92a4e18cd95ee492f94b64b9af0032c0da1c7a%3A2%3A%7Bi%3A0%3Bs%3A28%3A%22CheqroomBrowserCacheCleared1%22%3Bi%3A1%3Bi%3A1%3B%7D; expires=Sun, 31-May-2026 22:00:00 GMT; Max-Age=907944; path=/; HttpOnly; SameSite=Lax

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

BYPASS

Cf-Ray

Other

9ff2a921cf3f058b-IAD

Clear-Site-Data

Other

"cache"

Date

Other

Thu, 21 May 2026 09:47:36 GMT

Reporting-Endpoints

Other

csp-endpoint="https://www.cheqroom.com/csp-report"

Server-Timing

Other

cfCacheStatus;desc="BYPASS", cfEdge;dur=10,cfOrigin;dur=126

Speculation-Rules

Other

"/cdn-cgi/speculation"

alt-svc: h3=":443"; ma=86400
cf-cache-status: BYPASS
cf-ray: 9ff2a921cf3f058b-IAD
clear-site-data: "cache"
date: Thu, 21 May 2026 09:47:36 GMT
reporting-endpoints: csp-endpoint="https://www.cheqroom.com/csp-report"
server-timing: cfCacheStatus;desc="BYPASS", cfEdge;dur=10,cfOrigin;dur=126
speculation-rules: "/cdn-cgi/speculation"

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology