HTTP Headers Analysis for https://firstsize.com

Detected Technologies from Headers

See all in URL Inspect 3

Akamai

AWS Active incidents

Envoy

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

No caching headers found

Content Headers

Content-Length

Content

7161

Content-Type

Content

text/html; charset=UTF-8

content-length: 7161
content-type: text/html; charset=UTF-8

Server Headers

Server

istio-envoy

server: istio-envoy

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _mcid=1.2f41b349944557218cddbf8d72f1193a.bb8ce6cb4d7469006970cf6d7ee39608c666fca102a67d0fa76b797a5b3fdb6b; expires=Thu, 27 May 2027 07:10:17 GMT; Max-Age=31536000; path=/
_mc_anon_id=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
_abck=FC2D13B698BEEEF49C939A23C48BFCF8~-1~YAAQ4AwDF4cteESeAQAAaRJFaA9GivgAFQwV1eA1jOE7Ow2feK/G4WnXgwyabO/8xUeQMmRVL9Yg5bGXnfOs0s4T0LYS3Z0AzXSs3jSHosKahEz4eNxV7anlczGLxXkQx0KPvGPcTSOeJabyNdtcfS5Nxq2bSb0RFm66npbiei7PuqIh5Dp2NtYdo5YKUrmtuudJHgr3aV3XH5pJjbhyVkrJ1cVCCwyctPeKLcwDUj+crSfHAE18DH7MWajoWuBn87tNNkYP7TqdUAFg8pBo0mVIoha+RUogRsWNT/5CTPxAPiyivKb8+VvYF28Qe9Hnn/NNQCJlFRC3f0S7f3yqy54CiohLVCri70MZLgOJRa5bwrnjQ+gHWVSfvyZplhpDStqIqvGUSDVq1ZzEKNutwcfMcyTmCsz2UaLiw5/DdV7bJsvQH2ogLhtxf7UAQZHaC1WQm4wvntr8Nw==~-1~-1~-1~-1~-1; Domain=.list-manage.com; Path=/; Expires=Thu, 27 May 2027 07:10:17 GMT; Max-Age=31536000; Secure
bm_sz=F0E2EF7F6331EE02C26347C81F62F5A6~YAAQ4AwDF4gteESeAQAAaRJFaB9hUrQmjOwhqXtWX2Caf9gHHwIoibXPM/LSwHVRPitzdPs43IqtI68bN9RQDAzVIrvnLLVasV21URS8kdarcn22eEyDMjXz0v1swHnhV1DGXsjZBcymiWRyDCzR7qUcLGfNNpi/d6dML27ta/So9j+b9PS2aYS+lkikuL9ZwyMosPyIzb1ohJ+2d563Ksz+f2FaMohSgbkalmWvMWKCBawX3sdP7zKZfg6sZBXm0LEg06lpGfiluvdifhEshUEhikYj0bjface7miNGpApoQYzejRkkEunVaxEBAJqQWTGlBTbcXYIcyn9DuVGB49TMK/SLbUOm2sWSCbAeBJAL8CE=~3749188~4273974; Domain=.list-manage.com; Path=/; Expires=Wed, 27 May 2026 11:10:17 GMT; Max-Age=14400

Other Headers

Date

Other

Wed, 27 May 2026 07:10:17 GMT

Intuit_tid

Other

1-6a1698d9-0e2f30316af0f55e771b4bd5

X-Akamai-Transformed

Other

0 - 0 -

X-Amzn-Trace-Id

Other

Root=1-6a1698d9-0e2f30316af0f55e771b4bd5

X-Envoy-Decorator-Operation

Other

http-interposer-desired-service.mailchimp-cloud-httpinterposer-use2-prd-m2.svc.cluster.local:8090/*

X-Envoy-Upstream-Service-Time

Other

161

X-Intuit-Upstream-Locality-Region

Other

us-east-2

X-Request-Id

Other

1-6a1698d9-0e2f30316af0f55e771b4bd5

X-Spanid

Other

860aab2d-d4a1-870a-0691-7c03802b6a66

X-Ua-Compatible

Other

IE=edge,chrome=1

date: Wed, 27 May 2026 07:10:17 GMT
intuit_tid: 1-6a1698d9-0e2f30316af0f55e771b4bd5
x-akamai-transformed: 0 - 0 -
x-amzn-trace-id: Root=1-6a1698d9-0e2f30316af0f55e771b4bd5
x-envoy-decorator-operation: http-interposer-desired-service.mailchimp-cloud-httpinterposer-use2-prd-m2.svc.cluster.local:8090/*
x-envoy-upstream-service-time: 161
x-intuit-upstream-locality-region: us-east-2
x-request-id: 1-6a1698d9-0e2f30316af0f55e771b4bd5
x-spanid: 860aab2d-d4a1-870a-0691-7c03802b6a66
x-ua-compatible: IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching