23 Headers

HTTP Security Headers

| Header | Status | Value |
|---|---|---|
| Strict-Transport-Security | Present | max-age=15552000; includeSubDomains |
| Content-Security-Policy | Basic | report-uri; script-src; style-src; +9 more |
| Content-Security-Policy-Report-Only | Missing | Not configured |
| X-Frame-Options | Excellent | Deny |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |

Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Connection
Performance
close
Vary
Performance
Accept-Encoding

Caching Headers

Etag
Caching
W/"519c-oDp2hHiXQWFvP/XGxEcVISrCweA"

Content Headers

Content-Length
Content
20892
Content-Type
Content
text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Date
Other
Sat, 02 May 2026 23:10:14 GMT
Via
Other
1.1 03b64d1ce32a0f3adb02ed474d405102.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
5Ss7s5fHrBMZ0oNWOinuXg6mA5YRn_rBpTaMvXbanZsw0Vj_S9ZrXg==
X-Amz-Cf-Pop
Other
IAD61-P6
X-Cache
Other
Miss from cloudfront
X-Content-Security-Policy
Other
report-uri /api/report-csp-violation; script-src 'self' 'wasm-unsafe-eval' cdn.eiger.io cdn.dev.eiger.io cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com *.google-analytics.com *.googletagmanager.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io widget.intercom.io app.intercom.io js.intercomcdn.com content.product.eiger.io data.product.eiger.io tagmanager.google.com use.typekit.net performance.typekit.com cdnjs.cloudflare.com js.stripe.com connect-js.stripe.com www.datadoghq-browser-agent.com 'sha256-1eJArrmrWAFkIw+mfskp4IYAwyLTHlG7k2ticca+J/Y=' 'nonce-74a40fbf-7480-4547-b1d8-89612c1e87a8'; style-src 'self' 'unsafe-inline' cdn.eiger.io cdn.dev.eiger.io tagmanager.google.com *.googletagmanager.com fonts.googleapis.com use.typekit.net app.pendo.io cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com content.product.eiger.io data.product.eiger.io; font-src 'self' cdn.eiger.io cdn.dev.eiger.io use.typekit.net fonts.gstatic.com data: https://js.intercomcdn.com https://fonts.intercomcdn.com; connect-src 'self' cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com stats.g.doubleclick.net/ s3.amazonaws.com/mfmatterhorn/ s3.amazonaws.com/mfvesuvius/ s3.amazonaws.com/mf-k2/ cognito-idp.us-east-1.amazonaws.com cdn.eiger.io/ cdn.dev.eiger.io/ performance.typekit.net app.pendo.io data.pendo.io pendo-static-5533347562455040.storage.googleapis.com https://via.intercom.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.intercom-messenger.com wss://*.intercom-messenger.com content.product.eiger.io data.product.eiger.io *.google-analytics.com 
*.browser-intake-datadoghq.com status.eiger.io js.stripe.com connect-js.stripe.com mfeiger-production.s3.amazonaws.com mf-search-images-production.s3.amazonaws.com mf-smartslice.s3.amazonaws.com performance.typekit.net wss://www.eiger.io; img-src 'self' data: cdn.eiger.io cdn.dev.eiger.io p.typekit.net data.pendo.io cdn.pendo.io app.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io content.product.eiger.io data.product.eiger.io blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com *.google-analytics.com *.googletagmanager.com fonts.gstatic.com stats.g.doubleclick.net mfeiger-production.s3.amazonaws.com mf-search-images-production.s3.amazonaws.com cdn.eiger.io; frame-src app.pendo.io *.googletagmanager.com js.stripe.com connect-js.stripe.com cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com player.vimeo.com *.youtube.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors app.pendo.io; form-action 'self' app.pendo.io https://intercom.help https://api-iam.intercom.io *.eiger.io *.markforged.com https://markforged--uat.sandbox.my.site.com http://localhost:3030; media-src 'self' cdn.eiger.io cdn.dev.eiger.io https://js.intercomcdn.com; worker-src 'self' blob:
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Ratelimit-Limit
Other
100
X-Ratelimit-Remaining
Other
99
X-Ratelimit-Reset
Other
1777763475
X-Webkit-Csp
Other
Same value as the X-Content-Security-Policy header above

Recommendations

  • Enable compression (gzip/brotli) to improve performance
  • Add Cache-Control header to optimize caching