Open
Cached
·
just now
33
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000 ; includeSubDomains ; preload
Content-Security-Policy
Basic
report-uri; report-to; upgrade-insecure-requests; +8 more
report-uri https://mon.capcutapi.us/monitor_browser/collect/batch/security/?bid=cc_web_compliance&c=43&ev_type=csp&r=20&v=16; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.us.capcut.com *.adtrafficquality.google *.bing.com *.bing.net *.capcutapi.us *.capcutcdn-us.com *.capcutw.us *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.giphy.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.tiktokcdn-us.com *.tiktokv.us *.tiktokw.us *.ttcdn-us.com *.us.capcut.com appleid.cdn-apple.com dreamina.capcut.com ep2.adtrafficquality.google facebook.com google.com login-row.www.capcut.com www.capcut.com www.tiktok.com; connect-src 'self' blob: bytedance: data: http://localhost:* https://localhost:* wss://*.us.capcut.com *.adtrafficquality.google *.bing.com *.bing.net *.capcutapi.us *.capcutcdn-us.com *.capcutw.us *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.pipopay.com *.pipopayment.com *.pipopayment.us *.run.app *.tiktokcdn-us.com *.tiktokv.us *.tiktokw.us *.twitter.com *.us.capcut.com dreamina.capcut.com login-row.www.capcut.com www.capcut.com www.tiktok.com; frame-src 'self' bytedance: *.capcutw.us *.facebook.com *.google.com *.googletagmanager.com *.instagram.com *.x.com *.youtube.com capcut-yt.onelink.me dreamina.capcut.com ep2.adtrafficquality.google googleads.g.doubleclick.net media-evercloud.capcutapi.us td.doubleclick.net www.capcut.com www.tiktok.com; object-src 'none'; script-src 'inline-speculation-rules' 'report-sample' 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.bing.com *.capcutcdn-us.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.tiktokcdn-us.com appleid.cdn-apple.com ep2.adtrafficquality.google googleads.g.doubleclick.net scripts.clarity.ms www.clarity.ms www.gstatic.com; worker-src 'self'; base-uri 'none'; frame-ancestors 'self' bytedance: dreamina.capcut.com www.capcut.com www.pippit.ai
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
3 headers
Cache-Control
Caching
max-age=0, no-cache, no-store
Expires
Caching
Wed, 28 Jan 2026 14:51:01 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Language
Content
en
Content-Type
Content
text/html; charset=UTF-8
Server Headers
2 headers
Server
Server
nginx
X-Powered-By
Server
Goofy Node
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_tea_web_id=7600425024033670669; expires=Thu, 29 Jan 2026 14:51:01 GMT; path=/
Other Headers
18 headers
Agw-Web-Common
Other
1
Date
Other
Wed, 28 Jan 2026 14:51:01 GMT
Document-Policy
Other
force-load-at-top; report-to=slardar-endpoint
Reporting-Endpoints
Other
csp-endpoint="https://mon.capcutapi.us/monitor_browser/collect/batch/security/?bid=cc_web_compliance"
Server-Timing
Other
cdn-cache; desc=MISS, edge; dur=0, origin; dur=120
To-Env
Other
X-Akamai-Request-Id
Other
42075451
X-Bytefaas-Execution-Duration
Other
72.96
X-Bytefaas-Request-Id
Other
20260128145101FF2B54EB6ABD7FAAA4BA
X-Cache
Other
TCP_MISS from a23-53-12-176.deploy.akamaitechnologies.com (AkamaiGHost/22.4.0.1-936f61a0f9f4a4fdf0fa53932a9b1fb9) (-)
X-Gw-Dst-Psm
Other
growth.capcut.dreamina_home
X-Modernjs-Render
Other
server
X-Origin-Response-Time
Other
120,23.53.12.176
X-Tt-Agw-Login
Other
0
X-Tt-Logid
Other
20260128145101FF2B54EB6ABD7FAAA4BA
X-Tt-Trace-Host
Other
0190997857ce7b941a315526e84e9ef4921aeaa664bdf15b7ba5c5206a4dbb975b6a21c864df7472a41629926d0d5c17e605cb3f48c36e16b356be52a990084ee59b3ea30ac8fc4fcb7ab81052bc0cd7c95409a027f618527943d1645152d9c10d
X-Tt-Trace-Id
Other
00-260128145101FF2B54EB6ABD7FAAA4BA-67979DD733E60BE2-00
X-Tt-Trace-Tag
Other
id=16;cdn-cache=miss;type=dyn
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology