HTTP Headers Analysis for https://connect.squareup.com

Open Cached · just now

27 Headers

Detected Technologies from Headers

See all in URL Inspect 4

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=631152000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Accept

Caching Headers

Cache-Control

Caching

max-age=0, public, must-revalidate

cache-control: max-age=0, public, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: squareGeo=DELETE; path=/; SameSite=Strict; Secure; max-age=0
squareGeo=US-VA; Domain=squareup.com; path=/; SameSite=Strict; Secure; max-age=2419200
__cf_bm=hdbam3reRPGn63LrnDK7Av0DHwXGOQlxQsMgGILYp3Y-1778323757.2255843-1.0.1.1-WP59z8TX2ZRy__O.UhPs_gIovY.Nrz4o0yBsIvC_gl3XNPlW_oFC1H9PQLR02jQw_cbnI0mqp9lw8ww.VlvORx9StC._ZsQUzNxtX.uTjap1XeQJQzX4ozSfnXroEJy9; HttpOnly; Secure; Path=/; Domain=developer.squareup.com; Expires=Sat, 09 May 2026 11:19:17 GMT

Other Headers

Cdn-Caching-Enabled

Other

true

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f9022faae16f508-IAD

Date

Other

Sat, 09 May 2026 10:49:17 GMT

Link

Other

URL

https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Upright-VF.woff2

rel=preload as=font type=font/woff2 crossorigin

URL

https://square-fonts-production-f.squarecdn.com/square-display/SquareSansDisplay-VF.woff2

rel=preload as=font type=font/woff2 crossorigin

URL

https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Medium.woff2

rel=preload as=font type=font/woff2 crossorigin

URL

https://images.ctfassets.net

rel=preconnect crossorigin

X-Download-Options

Other

noopen

X-Envoy-Decorator-Operation

Other

/{locale}

X-Exp-Rendered

Other

X-Optly-Rendered

Other

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

d2d23cb5-effb-41d0-903c-971d22a5ee4e

X-Sq-Dc

Other

aws, aws

X-Sq-Region

Other

us-west-2, us-west-2

X-Square

Other

S=xms-blue-6b9756676f-5px6w

X-Xms-Page-Cache-Key-Debug

Other

page:92514bb330e7f8d22265505e7b668c5dc2dce8e8:2

X-Xms-Page-Cache-Status

Other

HIT

cdn-caching-enabled: true
cf-cache-status: DYNAMIC
cf-ray: 9f9022faae16f508-IAD
date: Sat, 09 May 2026 10:49:17 GMT
link: <https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Upright-VF.woff2>; rel=preload; as=font; type=font/woff2; crossorigin, <https://square-fonts-production-f.squarecdn.com/square-display/SquareSansDisplay-VF.woff2>; rel=preload; as=font; type=font/woff2; crossorigin, <https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Medium.woff2>; rel=preload; as=font; type=font/woff2; crossorigin, <https://images.ctfassets.net>; rel=preconnect; crossorigin
x-download-options: noopen
x-envoy-decorator-operation: /{locale}
x-exp-rendered: 
x-optly-rendered: 
x-permitted-cross-domain-policies: none
x-request-id: d2d23cb5-effb-41d0-903c-971d22a5ee4e
x-sq-dc: aws, aws
x-sq-region: us-west-2, us-west-2
x-square: S=xms-blue-6b9756676f-5px6w
x-xms-page-cache-key-debug: page:92514bb330e7f8d22265505e7b668c5dc2dce8e8:2
x-xms-page-cache-status: HIT

Recommendations

Enable compression (gzip/brotli) to improve performance