HTTP Headers Analysis for https://globalhookah.com

Detected Technologies from Headers

See all in URL Inspect 35

UserWay

AWS CloudFront

Google Maps Criteo

Google Tag Manager

Google reCAPTCHA HubSpot Forms HubSpot Feedback & Surveys

Google DoubleClick

Google Analytics

New Relic Basis Technologies

Google Static File Front End

Next.js

Hotjar

Yotpo

Klaviyo

CookieFirst

HubSpot Analytics

unpkg

Google Search

Nginx

Facebook

Amazon S3

GitHub

AddToAny

AWS

Vimeo

Google Optimize

Zoho Mail

HubSpot

YouTube

HubSpot Live Chat

jsDelivr

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Basic

object-src; script-src; report-uri Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin, no-referrer, no-referrer-when-downgrade, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Age

Caching

42523

Cache-Control

Caching

s-maxage=14400, stale-while-revalidate=31521600

Etag

Caching

"mnm1l8vcw19dqb"

age: 42523
cache-control: s-maxage=14400, stale-while-revalidate=31521600
etag: "mnm1l8vcw19dqb"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Powered-By

Server

Next.js

server: nginx
x-powered-by: Next.js

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Fri, 20 Feb 2026 08:01:38 GMT

Via

Other

1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

DOBiY0bM_ggGho7HxVtNcapnn-NRBvH_zK61JZYvSjwdXAqCU7rgCA==

X-Amz-Cf-Pop

Other

JFK50-P7

X-Cache

Other

Hit from cloudfront

X-Nextjs-Cache

Other

HIT

X-Store-Code

Other

hookah_b2b

date: Fri, 20 Feb 2026 08:01:38 GMT
via: 1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
x-amz-cf-id: DOBiY0bM_ggGho7HxVtNcapnn-NRBvH_zK61JZYvSjwdXAqCU7rgCA==
x-amz-cf-pop: JFK50-P7
x-cache: Hit from cloudfront
x-nextjs-cache: HIT
x-store-code: hookah_b2b

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology