16 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; font-src; connect-src; +8 more
default-src 'self'; font-src 'self' https: data: *.zopim.com static.zdassets.com; connect-src 'self' *.zendesk.com shipstation.zendesk.com wss://shipstation.zendesk.com wss://*.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io *.sentry.io bam.nr-data.net api.segment.io api.segment.com track.segment.com cdn.segment.com https://*.launchdarkly.com https://cdn.packlink.com https://api.ipify.org *.smooch.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.shipengine.com *.adyen.com https://data.pendo.io *.storage.googleapis.com https://app.pendo.io; media-src 'self' *.zdassets.com *.smooch.io; child-src 'self'; object-src 'none'; frame-src https://*; img-src 'self' data: *.zendesk.com *.zdassets.com *.zopim.io *.zopim.com *.zdusercontent.com *.shipstation.com ipaas-images.ssdevlocal.com ipaas-images-stage.sslocal.com *.amazonaws.com/images.shipstation.com/ File *.smooch.io *.gravatar.com https://cdn.packlink.com *.adyen.com https://data.pendo.io https://app.pendo.io *.storage.googleapis.com; style-src 'self' https: 'unsafe-inline' *.zdassets.com; script-src 'self' 'unsafe-eval' *.zendesk.com https://shipstation.zendesk.com https://static.zdassets.com https://widget-mediator.zopim.com https://v2.zopim.com https://theme.zdassets.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.segment.com https://cdn.smooch.io *.hotjar.com 'sha256-g3aKdR2LcYg5AWCl5759RTfLd020MmaGry6zfxSfBoY=' *.iesnare.com https://cdn.pendo.io https://app.pendo.io https://data.pendo.io *.storage.googleapis.com 'sha256-cwqtRr3vzdOfGQi1cX9KuFdGi0W++uozCvAdO9TymDA='; frame-ancestors 'none'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Caching Headers
0 headers
No caching headers found
Content Headers
0 headers
No content headers found
Server Headers
0 headers
No server headers found
CORS Headers
2 headers
Access-Control-Allow-Credentials
Cors
true
Access-Control-Allow-Origin
Cors
https://dashboard.shipengine.com
Cookies Headers
1 header
Set-Cookie
Cookies
auth_verification=%7B%22nonce%22%3A%22AwlEnjTVJcdC5XvC2Nt1-39K4cUsLaBbjzQnWYQ9p9Q%22%2C%22state%22%3A%22eyJyZXR1cm5UbyI6Imh0dHBzOi8vZGFzaGJvYXJkLnNoaXBlbmdpbmUuY29tLz9pc3M9aHR0cHMlM0ElMkYlMkZzaGlwc3RhdGlvbi5hdXRoMC5jb20lMkYifQ%22%2C%22code_verifier%22%3A%22cMWX9DOwdjT3yQEtda_MyI0LdmjAxDHWzdH1aHMVahk%22%7D.k9LpaTKCJPZEksqu2gExeFBye7xhxonmG_6RGsHQGSk; Path=/; HttpOnly; Secure; SameSite=Lax
Other Headers
5 headers
Date
Other
Sun, 23 Nov 2025 23:38:05 GMT
Location
Other
https://shipstation.auth0.com/authorize?client_id=RKIoV89nI3vBa8IexRby8bkeRtMF6tpn&scope=openid%20profile%20email%20offline_access&response_type=code&redirect_uri=https%3A%2F%2Fdashboard.shipengine.com%2Fapi%2Fauth%2Fcallback&audience=ss%3Awebapi&white_label_logo_url=https%3A%2F%2Fdashboard.shipengine.com%2Fimg%2Flogos%2Fshipstation-api-logo.svg&white_label_page_background_color=rgb%28248%2C%20252%2C%20255%29&white_label_form_background_color=white&white_label_form_text_color=%2310894E&white_label_login_button_background_color=%2310894E&white_label_login_button_text_color=white&white_label_marketing_button_display_text=Sign%20up%20for%20ShipStation%20API&white_label_marketing_button_url=https%3A%2F%2Fwww.shipengine.com%2Fsignup%2F&white_label_marketing_button_background_color=white&white_label_marketing_button_border_color=%2310894E&white_label_marketing_button_text_color=%2310894E&white_label_forgot_password_link=https%3A%2F%2Fapp.shipengine.com%2F%23%2Fpublic%2Fforgot&auth0LoginConfigToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkaXNhYmxlQ2FwdGNoYSI6ZmFsc2UsImlhdCI6MTc2Mzk0MTA4NSwiZXhwIjoxNzYzOTQxOTg1fQ.eJfbxsGVpCxikbhacexkBrhHr58j6xFm9W2YFkiSqzo&disableCaptcha=false&nonce=AwlEnjTVJcdC5XvC2Nt1-39K4cUsLaBbjzQnWYQ9p9Q&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vZGFzaGJvYXJkLnNoaXBlbmdpbmUuY29tLz9pc3M9aHR0cHMlM0ElMkYlMkZzaGlwc3RhdGlvbi5hdXRoMC5jb20lMkYifQ&code_challenge_method=S256&code_challenge=mkwsJSSmDzYejes9g2CmieLNGvWLv_ekO3Z-eJ-O3_c
X-Dns-Prefetch-Control
Other
on
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 394ms