HTTP Headers Analysis for https://connect.paypal.com

Detected Technologies from Headers

See all in URL Inspect 3

PayPal

Qualtrics

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; style-src; script-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

ch-ua-platform-version=(self "https://c.paypal.com"), ch-ua-arch=(self "https://c.paypal.com"), ch-ua-wow64=(self "https://c.paypal.com"); +4 more

Recommendations

• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store, must-revalidate

cache-control: max-age=0, no-cache, no-store, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Expose-Headers

Cors

Server-Timing

access-control-expose-headers: Server-Timing

Cookies Headers

Set-Cookie

Cookies

set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Thu, 07 May 2026 04:46:11 GMT; HttpOnly; Secure
cmid=v14c6d25edb6a54ac28a3812a46b5b563e; Max-Age=31536000; Path=/
tsrce=axoprofilemgntnodeweb; Domain=.paypal.com; Path=/; Expires=Sat, 09 May 2026 20:00:15 GMT; HttpOnly; Secure; SameSite=None
tsrce=axoprofilemgntnodeweb; Domain=.paypal.com; Path=/; Expires=Sat, 09 May 2026 20:00:16 GMT; HttpOnly; Secure; SameSite=None
nsid=s%3Aw2epqIk_2otXbsuJSsmDFPXqHi3b-shA.JXWkhJK0F%2BGqbQMIYRx%2F8fFIXx9WR03A0vGQPKt9VOY; Path=/; HttpOnly; Secure
ts=undefined%3D%26vreXpYrS%3D1872768392%26vteXpYrS%3D1778099415%26vt%3Dfee073bc19d6454618c0c5a7fffecfa2%26vr%3Dfee073bc19d6454618c0c5a7fffecfa1; Domain=.paypal.com; Path=/; Expires=Sun, 06 May 2029 13:26:33 GMT; HttpOnly; Secure; SameSite=None
ts_c=vr%3Dfee073bc19d6454618c0c5a7fffecfa1%26vt%3Dfee073bc19d6454618c0c5a7fffecfa2; Domain=.paypal.com; Path=/; Expires=Sun, 06 May 2029 13:26:33 GMT; HttpOnly; Secure; SameSite=None

Other Headers

Accept-Ch

Other

sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64

Date

Other

Wed, 06 May 2026 20:00:16 GMT

Dc

Other

ccg11-origin-www-1.paypal.com

Link

Other

URL

https://www.paypalobjects.com/web/res/axoprofilemgnt/_next/static/css/480a2f4be83c9c9e.css

rel=preload as=style nonce=toS3FfQ6ilHsWhoQdfzQG3C1hHOMDYlaTg6GuHyhJI9/2Rlp

Paypal-Debug-Id

Other

f352967859c97

Server-Timing

Other

traceparent;desc="00-0000000000000000000f352967859c97-84faf47acaa85a52-01",content-encoding,x-cdn;desc="fastly"

Via

Other

1.1 varnish, 1.1 varnish, 1.1 varnish

X-Cache

Other

MISS, MISS, MISS, MISS

X-Cache-Hits

Other

0, 0, 0, 0

X-Served-By

Other

cache-ewr-kewr1740086-EWR, cache-ewr-kewr1740086-EWR

X-Timer

Other

S1778097616.620872,VS0,VE601

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
date: Wed, 06 May 2026 20:00:16 GMT
dc: ccg11-origin-www-1.paypal.com
link: <https://www.paypalobjects.com/web/res/axoprofilemgnt/_next/static/css/480a2f4be83c9c9e.css>; rel=preload; as="style"; nonce="toS3FfQ6ilHsWhoQdfzQG3C1hHOMDYlaTg6GuHyhJI9/2Rlp"
paypal-debug-id: f352967859c97
server-timing: traceparent;desc="00-0000000000000000000f352967859c97-84faf47acaa85a52-01",content-encoding,x-cdn;desc="fastly"
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-served-by: cache-ewr-kewr1740086-EWR, cache-ewr-kewr1740086-EWR
x-timer: S1778097616.620872,VS0,VE601

Recommendations

Enable compression (gzip/brotli) to improve performance