HTTP Headers Analysis for https://ebay.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

0 headers

No caching headers found

Content Headers

1 headers

Content-Type

Content

text/html;charset=UTF-8

Server Headers

1 headers

Server

ebay-proxy-server

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__deba=D_rP9ma5kKg2fFdztWccz3X4CIHwPYzNUKYu7n5oiRX8UUbcMjpZjpXOU4tN6uP_XR8UW1J2_XMwSXzXGqPFGBk9b3fbivRcK2I33KBmjKvoIxUutOATMhljytcUcW6jMQl29JXs8ssbEdDVn1H1SA==; HttpOnly; Secure; Path=/; Domain=.ebay.com; Expires=Sat, 2 May 2026 02:15:02 UTC

Other Headers

5 headers

Accept-Ch

Other

sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-platform-version

Content-Security-Policy-Report-Only

Other

style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*; report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2Bee%3C3d%3B231.qctp71*krlo1-19a477f175b-0x705#pd

Date

Other

Mon, 03 Nov 2025 02:15:02 GMT

Rlogid

Other

t6qjssfcjb%7B7%3C%3Dqjssfcjb%7B7%2B0%60cec6f0%3E7(rbpv40.otprn-19a477f1739-0x2705

X-Envoy-Upstream-Service-Time

Other

173

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching