HTTP Headers Analysis for https://dashboard.mx.com

Detected Technologies from Headers

See all in URL Inspect 2

Nginx

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"771dc9c46ea1720c332c4ccd8d39a74d"

Expires

Caching

0

Pragma

Caching

no-store

cache-control: no-store
etag: W/"771dc9c46ea1720c332c4ccd8d39a74d"
expires: 0
pragma: no-store

Content Headers

Content-Length

Content

3956

Content-Type

Content

text/html; charset=utf-8

content-length: 3956
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

server: nginx

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _longbow_app_session=90efa2e2bf02fd2cb992b6cafa53c628; domain=mx.com; path=/; expires=Sun, 10 May 2026 20:08:10 GMT; secure; HttpOnly; SameSite=Lax

Other Headers

Allow

Other

GET, PUT, POST, DELETE, HEAD, OPTIONS, GET, PUT, POST, DELETE, HEAD, OPTIONS

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Sun, 10 May 2026 19:38:10 GMT

Link

Other

URL /javascripts/ashitaka/bundle.js?cacheKey=default

rel=preload as=script nopush

URL /assets/insighttarget-font-2c8de33e3024ac8c993d51b0fc447faddf5fe5d3729eea77c817387b40b38e56.css

rel=preload as=style nopush

URL /assets/unauthenticated-f9acc1bba51d074e1a7769a0115f032cff45495ef6961250c1875905770a0e9c.css?v=00001

rel=preload as=style nopush

Via

Other

1.1 varnish

X-B3-Spanid

Other

3d3806e903ef2bff, d77247968843cd5e

X-B3-Traceid

Other

6a00dea200000000d77247968843cd5e, 6a00dea200000000d77247968843cd5e

X-Cache

Other

MISS, MISS

X-Cache-Hits

Other

0, 0

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

7d845f0e-760a-4223-82f9-dc3c1dce3c42

X-Served-By

Other

cache-iad-kjyo7100069-IAD, cache-iad-kiad7000087-IAD

allow: GET, PUT, POST, DELETE, HEAD, OPTIONS, GET, PUT, POST, DELETE, HEAD, OPTIONS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
date: Sun, 10 May 2026 19:38:10 GMT
link: </javascripts/ashitaka/bundle.js?cacheKey=default>; rel=preload; as=script; nopush,</assets/insighttarget-font-2c8de33e3024ac8c993d51b0fc447faddf5fe5d3729eea77c817387b40b38e56.css>; rel=preload; as=style; nopush,</assets/unauthenticated-f9acc1bba51d074e1a7769a0115f032cff45495ef6961250c1875905770a0e9c.css?v=00001>; rel=preload; as=style; nopush
via: 1.1 varnish
x-b3-spanid: 3d3806e903ef2bff, d77247968843cd5e
x-b3-traceid: 6a00dea200000000d77247968843cd5e, 6a00dea200000000d77247968843cd5e
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-permitted-cross-domain-policies: none
x-request-id: 7d845f0e-760a-4223-82f9-dc3c1dce3c42
x-served-by: cache-iad-kjyo7100069-IAD, cache-iad-kiad7000087-IAD

Recommendations

Enable compression (gzip/brotli) to improve performance