HTTP Headers Analysis for https://craftcms.com

Detected Technologies from Headers

See all in URL Inspect 4

AWS

Cloudflare CDN

Craft CMS

SEOmatic

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Age

Caching

44788

Cache-Control

Caching

no-store, no-cache, must-revalidate

Expires

Caching

Thu, 19 Nov 1981 08:52:00 GMT

Last-Modified

Caching

Wed, 29 Apr 2026 17:29:16 GMT

Pragma

Caching

no-cache

age: 44788
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT
last-modified: Wed, 29 Apr 2026 17:29:16 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

X-Powered-By

Server

Craft CMS,SEOmatic

server: cloudflare
x-powered-by: Craft CMS,SEOmatic

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=vMsAHQ06J322BVMnclT2ngVOcFobH.ZQT0MHcZMb_.o-1777528512.6129127-1.0.1.1-Ir_0IaaH5EkFgVfZDpD43of8s7eLidY.rsF6t2WABg5E7jo9u1ce5XjaNWPtOUaTP0ZdUFlED91HE5YNZ4NezZFF.i2DhuevO5WMkL0o6qcHhAIPL4.goBWju1XY8H7N; HttpOnly; Secure; Path=/; Domain=craftcms.com; Expires=Thu, 30 Apr 2026 06:25:12 GMT

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cdn-Cache-Control

Other

public,max-age=85632,stale-while-revalidate=3600

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9f444bd3dccef5ca-IAD

Date

Other

Thu, 30 Apr 2026 05:55:12 GMT

Link

Other

URL https://craftcms.com/

rel=canonical

Server-Timing

Other

esi;dur=20.0;desc="9f444bd3f6eff5ca-IAD",fetch;dur=20.0,total;dur=23.0

Via

Other

id=6e17771a;timestamp=2026-04-29T10:07:54.667991Z gateway

X-Amzn-Requestid

Other

43f2a78a-fe05-42e5-a3df-8f49c406b4e1

X-Amzn-Trace-Id

Other

Root=1-69f23fca-222638682a4e8b777f41bf52;Parent=552ca33d41599974;Sampled=0;Lineage=1:27817af6:0

X-Robots-Tag

Other

all

alt-svc: h3=":443"; ma=86400
cdn-cache-control: public,max-age=85632,stale-while-revalidate=3600
cf-cache-status: HIT
cf-ray: 9f444bd3dccef5ca-IAD
date: Thu, 30 Apr 2026 05:55:12 GMT
link: <https://craftcms.com/>; rel='canonical'
server-timing: esi;dur=20.0;desc="9f444bd3f6eff5ca-IAD",fetch;dur=20.0,total;dur=23.0
via: id=6e17771a;timestamp=2026-04-29T10:07:54.667991Z gateway
x-amzn-requestid: 43f2a78a-fe05-42e5-a3df-8f49c406b4e1
x-amzn-trace-id: Root=1-69f23fca-222638682a4e8b777f41bf52;Parent=552ca33d41599974;Sampled=0;Lineage=1:27817af6:0
x-robots-tag: all

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology