HTTP Headers Analysis for https://docs.figure.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Origin

Caching Headers

4 headers

Cache-Control

Caching

private, no-store, no-cache, must-revalidate, max-age=0

Etag

Caching

"69792592-401d"

Last-Modified

Caching

Tue, 27 Jan 2026 20:52:34 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

16413

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx/1.29.4

CORS Headers

2 headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Expose-Headers

Cors

x-uuid,x-roles,x-groups,x-accomplishments,Authorization,Content-Type,x-with-origin,Origin,x-org,x-3pv-access-code,x-figure-auth,x-addr,x-grp,x-pub,x-kong-request-id

Cookies Headers

0 headers

No cookies headers found

Other Headers

8 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Wed, 04 Feb 2026 23:56:29 GMT

Via

Other

1.1 kong/3.9.1, 1.1 google

X-Debug-Greeting

Other

hatz says hey

X-Debug-Uri

Other

/index.html

X-Kong-Proxy-Latency

Other

1

X-Kong-Request-Id

Other

c7654d021d149b02982aee0ab7cb3805

X-Kong-Upstream-Latency

Other

2

Recommendations

Enable compression (gzip/brotli) to improve performance