HTTP Headers Analysis for https://ebates.ca

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000 ; includeSubDomains ; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

connection: close, Transfer-Encoding
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache,no-store,max-age=0

Expires

Caching

Wed, 31 Dec 1969 23:59:59 GMT

cache-control: no-cache,no-store,max-age=0
expires: Wed, 31 Dec 1969 23:59:59 GMT

Content Headers

Content-Language

Content

en-CA

Content-Type

Content

text/html;charset=UTF-8

content-language: en-CA
content-type: text/html;charset=UTF-8

Server Headers

Server

nginx

server: nginx

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=THe1pdNCeusoB8+I/QRKECy3ofxY7NBJXhuHuR5QSvRr2q30tgLvUsmkLGaC3eirFzXO70HVEj+NFGv3GfBNO9VMz4foYBt1MwjYdxCBMZz46lAWY++7ubORHeUE; Expires=Sun, 17 May 2026 23:58:26 GMT; Path=/
AWSALBCORS=THe1pdNCeusoB8+I/QRKECy3ofxY7NBJXhuHuR5QSvRr2q30tgLvUsmkLGaC3eirFzXO70HVEj+NFGv3GfBNO9VMz4foYBt1MwjYdxCBMZz46lAWY++7ubORHeUE; Expires=Sun, 17 May 2026 23:58:26 GMT; Path=/; SameSite=None; Secure
route=1778457507.818.251.726195|aed9b60e62119f4d823586d56591f9c6; Path=/; HttpOnly
JSESSIONID=8E04C3766BB616D84FFAD1886A2A9EE3; Path=/; Secure; HttpOnly
event-session-id=a0253faa-f87c-45d4-9ed8-3dcad1129a5e; Max-Age=900; Expires=Mon, 11-May-2026 00:13:26 GMT; Path=/; Secure; HttpOnly
non_mem=d43c5fc3-009f-43ad-a502-2f20bbe52a6a; Max-Age=2147483647; Expires=Sat, 29-May-2094 03:12:33 GMT; Path=/; Secure; HttpOnly
express_locale=en_CA; Max-Age=2592000; Expires=Tue, 09-Jun-2026 23:58:26 GMT; Path=/; Secure

Other Headers

Date

Other

Sun, 10 May 2026 23:58:26 GMT

Request-Id

Other

3ea55b2189a40f6ecc9d7605a88bd116

X-Ua-Compatible

Other

IE=edge,chrome=1

date: Sun, 10 May 2026 23:58:26 GMT
request-id: 3ea55b2189a40f6ecc9d7605a88bd116
x-ua-compatible: IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance