HTTP Headers Analysis for https://gettyimages.de

Detected Technologies from Headers

See all in URL Inspect 1

AWS CloudFront

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"4b36f208603a4cfffdd6db46ee8f16ef"

cache-control: max-age=0, private, must-revalidate
etag: W/"4b36f208603a4cfffdd6db46ee8f16ef"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

X-Runtime

Server

0.096345

x-runtime: 0.096345

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: unisess=ICSFWhZna5fpkqJASuQh625zSPFpi8yjAqOfzL5%2FZgKpgXRLDpFxDIufZah%2FvbMKHnHeF3nE5s4myMjbKnnLO56VHLLU6EETVB369%2BWeRwxfmVuem5rQwxan6FsTPISr6MZG3s3HN4IdnPhQ%2BLMrn%2BHw%2FJDSnkbZVItZ6ISWU4mh6BnodxO3hGyqps7%2BLLo%3D--dXCFzt1RR2Q1sN5S--HI0ywx576Db4Y9e1Kjpjkw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
giu=nv=1&lv=2026-05-06T06%3A41%3A40Z; path=/; expires=Sun, 06 May 2046 06:41:40 -0000; secure; HttpOnly
vis=vid=68dafd3b-a5d3-480d-ab34-a52742d19ec7; domain=.gettyimages.de; path=/; expires=Sun, 06 May 2046 06:41:40 -0000; secure
uac=t=yBWxvFc%2FbSuc%2BOb9Bw8S2GT1PKQKVLnoQoO3lOp5hkepnEGLatgyYnUIL21BnlGRL1s3eu%2BU1YYu2KxBlgQdL%2FspAfT%2Bl6ifEJc%2BO3RIoi%2B5EC8X40I7N2TWnw2zHVSobj1u59jN%2Fu2tkkRAEE1NmuuqC9qnvPSR5RGRRf7KY%2Bg%3D%7C77u%2FQW5qbzhUUldwMXpnTzlzWDVmWDUKMTAwCgpKSFRjSEE9PQpMSHZjSEE9PQowCgoKMAoxMDAKCjEwMAowCjY4ZGFmZDNiLWE1ZDMtNDgwZC1hYjM0LWE1Mjc0MmQxOWVjNwoK%7C3%7C4%7C1&d; path=/; expires=Sun, 06 May 2046 06:41:40 -0000; secure; HttpOnly
csrf=t=g2M5FtbxM7gDTcyj6A3uSPJU62Zh5vwi5ZBYxVENVYU%3D; path=/; expires=Sun, 06 May 2046 06:41:40 -0000; secure; HttpOnly

Other Headers

Date

Other

Wed, 06 May 2026 06:41:40 GMT

Selected-Fe

Other

getty_frontend

Via

Other

1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

hscPWHFA7BQBaRScz5owW13GjMXtp9KsupzMMPfH1oeazYrFuE26xQ==

X-Amz-Cf-Pop

Other

IAD61-P1

X-Backend

Other

app_landing

X-Cache

Other

Miss from cloudfront

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Proxy-Build

Other

3328826

X-Request-Id

Other

0A3309A2-BC88_0A337062-01BB_69FAE2A4_EB45F16-100F-69

X-Timing-Wait

Other

28/0/0/98

date: Wed, 06 May 2026 06:41:40 GMT
selected-fe: getty_frontend
via: 1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
x-amz-cf-id: hscPWHFA7BQBaRScz5owW13GjMXtp9KsupzMMPfH1oeazYrFuE26xQ==
x-amz-cf-pop: IAD61-P1
x-backend: app_landing
x-cache: Miss from cloudfront
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-proxy-build: 3328826
x-request-id: 0A3309A2-BC88_0A337062-01BB_69FAE2A4_EB45F16-100F-69
x-timing-wait: 28/0/0/98

Recommendations

Enable compression (gzip/brotli) to improve performance