HTTP Headers Analysis for https://community.groupon.com

Detected Technologies from Headers

See all in URL Inspect 2

Akamai

Envoy

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Present

DENY, SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, User-Agent

connection: close, Transfer-Encoding
transfer-encoding: chunked
vary: Accept-Encoding, User-Agent

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Etag

Caching

"wly9q60lxmjsy8"

cache-control: private, no-cache, no-store, max-age=0, must-revalidate
etag: "wly9q60lxmjsy8"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Groupon

server: Groupon

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: division=washington-dc; Max-Age=31535999; Expires=Fri, 19 Feb 2027 10:19:43 GMT; Path=/; Domain=.groupon.com
user_locale=en_US; Max-Age=34186464; Expires=Mon, 22 Mar 2027 02:34:08 GMT; Path=/; Domain=.groupon.com; Secure
gx=next_ramp_up:treatment; Max-Age=31536000; Expires=Fri, 19 Feb 2027 10:19:44 GMT; Path=/; Domain=.groupon.com
b=ebb183ef-7fc2-4c55-b183-ef7fc2ec55d7; Max-Age=315360000; Expires=Sun, 17 Feb 2036 10:19:44 GMT; Path=/; Domain=.groupon.com
s=31b4640b-b8ae-406b-b464-0bb8ae406bc5; Max-Age=1800; Expires=Thu, 19 Feb 2026 10:49:44 GMT; Path=/; Domain=.groupon.com
ell=39.0469%2C-77.4903; Max-Age=31535999; Expires=Fri, 19 Feb 2027 10:19:43 GMT; Path=/; Domain=.groupon.com
ipll=%7B%22lat%22%3A39.0469%2C%22lng%22%3A-77.4903%2C%22ip%22%3A%22216.246.40.66%22%2C%22country%22%3A%22US%22%2C%22city%22%3A%22Ashburn%22%2C%22state%22%3A%22VA%22%2C%22accuracyRadius%22%3A20%2C%22closestDivision%22%3A%7B%22id%22%3A%22washington-dc%22%2C%22isFallback%22%3Afalse%7D%7D; Max-Age=31535999; Expires=Fri, 19 Feb 2027 10:19:43 GMT; Path=/; Domain=.groupon.com
division_search_loc=%7B%22center%22%3A%7B%22lat%22%3A39.04372%2C%22lng%22%3A-77.48749%7D%2C%22shortName%22%3A%22Hillcrest%22%2C%22attributes%22%3A%7B%22division%22%3A%7B%22permalink%22%3A%22washington-dc%22%2C%22name%22%3A%22Washington%20DC%22%7D%7D%2C%22url%22%3A%22ashburn-va%22%2C%22source%22%3A%22maxmind%22%7D; Max-Age=31535999; Expires=Fri, 19 Feb 2027 10:19:43 GMT; Path=/; Domain=.groupon.com
division_name=Washington%20DC; Max-Age=31535999; Expires=Fri, 19 Feb 2027 10:19:43 GMT; Path=/; Domain=.groupon.com
sigFraudCheck=57d812c5-9255-4a2d-9812-c592559a2d4e; Max-Age=86400; Expires=Fri, 20 Feb 2026 10:19:44 GMT; Path=/; Domain=.groupon.com
_abck=711AC025B5EFFA8BD46B2B6801AAA267~-1~YAAQUmrcFzVkklWcAQAA3qlpdQ8yQ2gjw11rpsvtYoOo8XB6nRsfzGlZmrNwRu4o76wAfy3cWLQR2ndh0OJPe/G/y+ZxPjUkro2ha5m9RbaT6WVehWXNjI0U+xFr1EyV2N3Tzl/ZXYyBaiA+rtc4VkhG35xcv/cQoAuLbpmH+cghW+v6BwEMIw79xc18i1J69nYgU/qvzNbiqreeUoZX7CngEaWwcYQqIQ3ROX5RNM4k4KH8B3TkgFpkFIeXvl2SEiK0AvSqLJFkY8MA9Kg1SUg2McRIx4uZpPnB7ZOM9HY4uTbmSXywP4t3kxzfgjc68qWRMPjOn29IABaB25sZuufby8qoe10a+Qftn/jt69yH3BvJbB4iiC2jrnX8EaY/v9ez9Nm948JPC/cBkaDbnGZ/3FpUirBcd1f2i8oackfEXbIW3wGo7c9r7MAhM/0xXMbrke+M~-1~-1~-1~-1~-1; Domain=.groupon.com; Path=/; Expires=Fri, 19 Feb 2027 10:19:44 GMT; Max-Age=31536000; Secure
bm_sz=6053FEBA6578F17D13A556C6197D4182~YAAQUmrcFzZkklWcAQAA3qlpdR4T/RIxWfIK4YHVchgUThb466XgZ2NUAJRBOkPGYkvZDLmv0IOWMRdYGssBdSkFXSKNuUa/N/pvJT3xgQOOmmkHgJ5mwEXiaTntwk/obhlAoJeIVcx8Ip9N7c+d7vF6qNAchTFHIiW1/sAzqJqXOuQM1Ja2b3Yo+sgKZ1Bg+pz/acVMfNuP4QJ/LIRvgz+qvaZrvdZezqLqEA7H+qel/GZtO2jd7RzujdVyRZrc2L7NWRT59sVCiIEQzQ4cU+75X6YRWX7e7nyD14OH4mvoNYJVQbU/ff1s7pafvTa4BwKFvCzwbKm7Y/NzRh+vLCFXoi1JbXA2wYvGqvN4Qg==~4469313~4473912; Domain=.groupon.com; Path=/; Expires=Thu, 19 Feb 2026 14:19:43 GMT; Max-Age=14399

Other Headers

Date

Other

Thu, 19 Feb 2026 10:19:44 GMT

Server-Timing

Other

rReq;dur=1059, rCon;dur=0, rHdr;dur=1059, hbi;dur=1051, mdlw;dur=109,gIP;dur=1,gSSP;dur=177,rndr;dur=732,total;dur=1025

X-Akamai-Transformed

Other

0 - 0 -

X-B-Cookie

Other

ebb183ef-7fc2-4c55-b183-ef7fc2ec55d7

X-B3-Traceid

Other

23f4fd9f53be4e0f876d52a9167a0ffb

X-Destination

Other

tls_conveyor_next

X-Envoy-Upstream-Service-Time

Other

1061

X-External-Request-Id

Other

true

X-Forwarded-Proto

Other

https, https

X-Grpn-Served-By-Pod

Other

next-pwa-app--itier--default-5579676c6f-hl5nl

X-Mtls-Upstream-Time

Other

1051

X-Original-Request-Id

Other

23f4fd9f-53be-4e0f-876d-52a9167a0ffb, 23f4fd9f-53be-4e0f-876d-52a9167a0ffb

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

23f4fd9f-53be-4e0f-876d-52a9167a0ffb,23f4fd9f-53be-4e0f-876d-52a9167a0ffb

X-Request-Originated-From

Other

envoy-tls-side-car--ingress-https

X-Response-Served-From

Other

next-pwa-app--us-central1--default--conveyor-gcp-production2, routing-service--public--us-central1--default--conveyor-gcp-production2

X-S-Cookie

Other

31b4640b-b8ae-406b-b464-0bb8ae406bc5

X-Signifyd-Cookie

Other

57d812c5-9255-4a2d-9812-c592559a2d4e

X-Ua-Compatible

Other

IE=edge,chrome=1

date: Thu, 19 Feb 2026 10:19:44 GMT
server-timing: rReq;dur=1059, rCon;dur=0, rHdr;dur=1059, hbi;dur=1051, mdlw;dur=109,gIP;dur=1,gSSP;dur=177,rndr;dur=732,total;dur=1025
x-akamai-transformed: 0 - 0 -
x-b-cookie: ebb183ef-7fc2-4c55-b183-ef7fc2ec55d7
x-b3-traceid: 23f4fd9f53be4e0f876d52a9167a0ffb
x-destination: tls_conveyor_next
x-envoy-upstream-service-time: 1061
x-external-request-id: true
x-forwarded-proto: https, https
x-grpn-served-by-pod: next-pwa-app--itier--default-5579676c6f-hl5nl
x-mtls-upstream-time: 1051
x-original-request-id: 23f4fd9f-53be-4e0f-876d-52a9167a0ffb, 23f4fd9f-53be-4e0f-876d-52a9167a0ffb
x-permitted-cross-domain-policies: none
x-request-id: 23f4fd9f-53be-4e0f-876d-52a9167a0ffb,23f4fd9f-53be-4e0f-876d-52a9167a0ffb
x-request-originated-from: envoy-tls-side-car--ingress-https
x-response-served-from: next-pwa-app--us-central1--default--conveyor-gcp-production2, routing-service--public--us-central1--default--conveyor-gcp-production2
x-s-cookie: 31b4640b-b8ae-406b-b464-0bb8ae406bc5
x-signifyd-cookie: 57d812c5-9255-4a2d-9812-c592559a2d4e
x-ua-compatible: IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance