HTTP Headers Analysis for https://community.crowdstrike.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

upgrade-insecure-requests; report-uri

X-Frame-Options

Present

ALLOW-FROM https://crowdstrike.pathfactory.com https://crowdstrike.com https://www.crowdstrike.co.uk https://go.crowdstrike.com https://store.crowdstrike.com

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

max-age=0, must-understand, no-store, private

Content Headers

2 headers

Content-Language

Content

en-US

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=2HR8D5EhuahzVE97vK94Gf3VaTFfBdBkj8Ewvx9sKGc-1768997083-1.0.1.1-4PxJayXa0SV4yQ3ge7eJFmmbAR8WbtKx6E1kCykvyKi3mQQsh.6m6JdtRotUCuNQk8NIiCStTX8SlaqPnHJE602z6M2N577BdJ.g2Ex1Bno; path=/; expires=Wed, 21-Jan-26 12:34:43 GMT; domain=.crowdstrike.com; HttpOnly; Secure; SameSite=None

Other Headers

7 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c16acf5584007d7-IAD

Date

Other

Wed, 21 Jan 2026 12:04:43 GMT

Via

Other

1.1 68a9f2dcbbd436308ba855514c015cf2.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

NxgoccL6L7CMNpz1cB3ODB2zx9cFvQYMww9D8WIy5EAs_PNgGiO0vg==

X-Amz-Cf-Pop

Other

IAD55-P8

X-Cache

Other

Miss from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance