HTTP Headers Analysis for https://draw.io

Detected Technologies from Headers

See all in URL Inspect 10

Cloudflare CDN

draw.io

Dropbox

GitHub

GitLab

Google API JS Client

Google Fonts

OpenAI

Pusher

Microsoft SharePoint

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; connect-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Age

Caching

0

Cache-Control

Caching

public, max-age=600

Expires

Caching

Wed, 01 Apr 2026 03:58:44 GMT

age: 0
cache-control: public, max-age=600
expires: Wed, 01 Apr 2026 03:58:44 GMT

Content Headers

Content-Type

Content

text/html

content-type: text/html

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9e549eb039b75968-IAD

Date

Other

Wed, 01 Apr 2026 03:48:44 GMT

X-Cloud-Trace-Context

Other

0898777ce38da4fd18d5d4e6bb9f4907

cf-cache-status: DYNAMIC
cf-ray: 9e549eb039b75968-IAD
date: Wed, 01 Apr 2026 03:48:44 GMT
x-cloud-trace-context: 0898777ce38da4fd18d5d4e6bb9f4907

Recommendations

Enable compression (gzip/brotli) to improve performance