HTTP Headers Analysis for https://console-cf.nebius.com

Detected Technologies from Headers

See all in URL Inspect 19

GitHub Microsoft Advertising

Envoy

Facebook

Google Analytics

Google API JS Client

Google DoubleClick

Google Search

Google Static File Front End

Google Tag Manager

HubSpot

Sentry

Stape

TikTok Analytics

Twitter

Google Cloud

Google Cloud Storage

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Good

script-src; img-src; connect-src; +11 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-store, max-age=0, must-revalidate, proxy-revalidate

Etag

Caching

W/"9c3-K8+A37cSlWO4ME0Wv6HfuoY5trk"

cache-control: no-store, max-age=0, must-revalidate, proxy-revalidate
etag: W/"9c3-K8+A37cSlWO4ME0Wv6HfuoY5trk"

Content Headers

Content-Length

Content

2499

Content-Type

Content

text/html; charset=utf-8

content-length: 2499
content-type: text/html; charset=utf-8

Server Headers

Server

istio-envoy

server: istio-envoy

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: x-device-id=37a2702f-5e10-4564-a79f-1a81f5474335; Path=/; Max-Age=31536000; Expires=Sat, 20 Feb 2027 18:23:48 GMT; Secure; HttpOnly; SameSite=NONE
__Host-psifi.x-csrf-token=17ba918b282b559c7b868caafb1309c224573bb1df1528da319e0c4fac6ada55fccea2532b18f978afb342546a12fd6c6dd45a9586283f1b31b6485a4f7fb4ac%7C2e5d1497e30407ec8fb75a0d936848eed4b3f83a019823cae1e3e50b91cb296d; Max-Age=43560; Path=/; Expires=Sat, 21 Feb 2026 06:29:48 GMT; HttpOnly; Secure; SameSite=Lax

Other Headers

Date

Other

Fri, 20 Feb 2026 18:23:48 GMT

Origin-Agent-Cluster

Other

?1

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Envoy-Upstream-Service-Time

Other

17

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

254fa750-90ac-43e4-b4ea-87b08ad74ed9

X-Trace-Id

Other

7f08908e59e0bb53d89813fc5cf067bb

date: Fri, 20 Feb 2026 18:23:48 GMT
origin-agent-cluster: ?1
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 17
x-permitted-cross-domain-policies: none
x-request-id: 254fa750-90ac-43e4-b4ea-87b08ad74ed9
x-trace-id: 7f08908e59e0bb53d89813fc5cf067bb

Recommendations

Enable compression (gzip/brotli) to improve performance