Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; object-src; script-src; +2 more
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-c0dd8a74af94462984ebc62805c3d304' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https:; frame-ancestors 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private, no-cache, no-store, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset="utf-8"
Server Headers
1 headers
Server
Server
AtlassianEdge
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
atl.xsrf.token=36facdcc74199c839b87a829a12e90f67f327e5c; Path=/wiki; Secure; HttpOnly
Other Headers
14 headers
Atl-Confluence-Via
Other
h:cc-frontend-ssr-main.eu-west-1.prod.atl-paas.net
Atl-Request-Id
Other
c0dd8a74-af94-4629-84eb-c62805c3d304
Atl-Traceid
Other
c0dd8a74af94462984ebc62805c3d304
Content-Security-Policy-Report-Only
Other
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-c0dd8a74af94462984ebc62805c3d304' 'unsafe-inline' 'strict-dynamic' https:; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
Date
Other
Thu, 05 Feb 2026 01:32:22 GMT
Nel
Other
{"failure_fraction": 0.01, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
Report-To
Other
{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
Reporting-Endpoints
Other
default="https://dz8aopenkvv6s.cloudfront.net"
Server-Timing
Other
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=205,cdn-upstream-fbl;dur=339,atl-edge;dur=59,atl-edge-internal;dur=13,atl-edge-upstream;dur=46,atl-edge-pop;desc="aws-eu-west-1",cdn-cache-miss,cdn-pop;desc="IAD61-P13",cdn-rid;desc="zOBSwq-amWkGGycLvToRXWmPiABDX-KjbAo0p6xFs8gAE2xVxbTbnA==",cdn-downstream-fbl;dur=346
Via
Other
1.1 6e3cb302b7b47cb215ef7af27e526b74.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
zOBSwq-amWkGGycLvToRXWmPiABDX-KjbAo0p6xFs8gAE2xVxbTbnA==
X-Amz-Cf-Pop
Other
IAD61-P13
X-Cache
Other
Miss from cloudfront
X-Cc-Frontend-Ssr
Other
prod-euwest;2026-02-03_21-53_f114f72590
Recommendations
Enable compression (gzip/brotli) to improve performance