HTTP Headers Analysis for https://commerce.coinbase.com

Detected Technologies from Headers

See all in URL Inspect 63

PayPal

Gravatar

Marqeta

Cloudflare NEL Monitoring

AWS CloudFront

YouTube

Google Maps

Morpho

TrueLayer

Atomic

Riskified

Google Tag Manager

Salesforce Cloud

Google Sign-In

Google reCAPTCHA

Amplitude

Trustly

Braintree

Sardine

AppsFlyer

Google Translate

WordPress

TradingView

Tink

Plaid

Google DoubleClick

Google Pay

Google Analytics

Google Conversion Tracking

Sprig

Segment

Cloudflare CDN

Datadog

Google Static File Front End

Calendly

Google API JS Client

Google Fonts

Wistia

Twitter

G Workspace

Contentful

Cloudinary

Stripe

Coinbase Active incidents

MetaMask

Branch

Google Search

Datawrapper

Facebook

Amazon S3

Veriff

OneTrust

WalletConnect

Recruitics

Entrust Identity Verification

Cloudflare CDNJS

AWS

Vimeo

Persona

Google Cloud

Google Cloud Storage

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; child-src; connect-src; +8 more Analyze

Content-Security-Policy-Report-Only

Basic

default-src; child-src; connect-src; +7 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-store, no-cache, must-revalidate, proxy-revalidate

Expires

Caching

0

cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
expires: 0

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: cb_dm=c4612458-3d04-438b-b9a4-97d05b361948; Path=/; Domain=coinbase.com; Expires=Thu, 01 May 2036 16:47:49 GMT; HttpOnly; Secure
coinbase_device_id=e83258a6-4382-4685-8546-7004382b0d50; domain=.coinbase.com; expires=Mon, 28 Apr 2036 16:47:49 GMT; SameSite=Lax; path=/; secure;
__cf_bm=R.XoeevPI7EkfSKC56s1gOgp5C4n_1950pOv.gDZIXQ-1777654069.3212297-1.0.1.1-gNO363374onKuWLMCN1iz__SsA.uLrpKDzagzXSG.hpDEFmqrkQSL0ujl2aBGbPbTNzUJwPhsoc5iOF49UJVIkSNBpU0ofeOUkZsqJwKfmqsKW7etkKR0FSQgW7coQaF; HttpOnly; Secure; Path=/; Domain=coinbase.com; Expires=Fri, 01 May 2026 17:17:49 GMT
_cfuvid=QWUraV57vCVM1aRmEOJBD4aAx10IE2x.IB4QZZyk__w-1777654069.3212297-1.0.1.1-1wDz8ByYhbCHtvhZJwejLyzX2GPbmZrJd0_Mrnot3V8; HttpOnly; SameSite=None; Secure; Path=/; Domain=coinbase.com

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f50452d4968a124-IAD

Date

Other

Fri, 01 May 2026 16:47:49 GMT

Nel

Other

Report-To Group cf-nel max-age: 1w

success: 1.0%

Report-To

Other

Group cf-nel max-age: 1w

Endpoint 1 https://a.nel.cloudflare.com/report/v4?s=6YNdopqF1FdDQ2V2tdvuM9%2Bja%2BwGTvEKLmOTMN3mdSzEaIbOjZsWv2wmWSEmDvaGmokTSJcRPy%2FDGG5mGpJBCZcJ5PoJPaNd%2FrIuqD%2FWG3GfAeJxu0ttlslnMt60eVyE3Yk%3D

Surrogate-Control

Other

no-store

Trace-Id

Other

734770607275568868

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

cf-cache-status: DYNAMIC
cf-ray: 9f50452d4968a124-IAD
date: Fri, 01 May 2026 16:47:49 GMT
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6YNdopqF1FdDQ2V2tdvuM9%2Bja%2BwGTvEKLmOTMN3mdSzEaIbOjZsWv2wmWSEmDvaGmokTSJcRPy%2FDGG5mGpJBCZcJ5PoJPaNd%2FrIuqD%2FWG3GfAeJxu0ttlslnMt60eVyE3Yk%3D"}]}
surrogate-control: no-store
trace-id: 734770607275568868
x-dns-prefetch-control: off
x-download-options: noopen

Recommendations

Enable compression (gzip/brotli) to improve performance