HTTP Headers Analysis for https://groupondata.com

Detected Technologies from Headers

See all in URL Inspect 2

Cloudflare CDN

Envoy

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000, max-age=2592000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Present

DENY, SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, User-Agent

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, User-Agent

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

cache-control: private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: division=washington-dc; Max-Age=31535999; Expires=Sat, 10 Apr 2027 11:52:47 GMT; Path=/; Domain=.groupon.com
user_locale=en_US; Max-Age=34186464; Expires=Tue, 11 May 2027 04:07:12 GMT; Path=/; Domain=.groupon.com; Secure
gx=next_ramp_up:treatment; Max-Age=31536000; Expires=Sat, 10 Apr 2027 11:52:48 GMT; Path=/; Domain=.groupon.com
b=04f3ba82-0129-4589-b3ba-820129258912; Max-Age=315360000; Expires=Mon, 7 Apr 2036 11:52:48 GMT; Path=/; Domain=.groupon.com
s=45c3454b-2ea8-4029-8345-4b2ea85029fd; Max-Age=1800; Expires=Fri, 10 Apr 2026 12:22:48 GMT; Path=/; Domain=.groupon.com
ell=39.04372%2C-77.48749; Max-Age=31535999; Expires=Sat, 10 Apr 2027 11:52:47 GMT; Path=/; Domain=.groupon.com
mbnxt_approuter_bucketed=0; Path=/
ipll=%7B%22lat%22%3A39.0469%2C%22lng%22%3A-77.4903%2C%22ip%22%3A%2264.34.84.120%22%2C%22country%22%3A%22US%22%2C%22city%22%3A%22Ashburn%22%2C%22state%22%3A%22VA%22%2C%22accuracyRadius%22%3A20%2C%22closestDivision%22%3A%7B%22id%22%3A%22washington-dc%22%2C%22isFallback%22%3Afalse%7D%7D; Max-Age=31535999; Expires=Sat, 10 Apr 2027 11:52:47 GMT; Path=/; Domain=.groupon.com
division_search_loc=%7B%22center%22%3A%7B%22lat%22%3A39.04372%2C%22lng%22%3A-77.48749%7D%2C%22shortName%22%3A%22Ashburn%2C%20VA%22%2C%22attributes%22%3A%7B%22division%22%3A%7B%22permalink%22%3A%22washington-dc%22%2C%22name%22%3A%22Washington%20DC%22%7D%7D%2C%22url%22%3A%22ashburn-va%22%2C%22source%22%3A%22maxmind%22%7D; Max-Age=31535999; Expires=Sat, 10 Apr 2027 11:52:47 GMT; Path=/; Domain=.groupon.com
division_name=Washington%20DC; Max-Age=31535999; Expires=Sat, 10 Apr 2027 11:52:47 GMT; Path=/; Domain=.groupon.com
sigFraudCheck=169ec6e1-c2ee-4c58-9ec6-e1c2eebc58ef; Max-Age=86400; Expires=Sat, 11 Apr 2026 11:52:48 GMT; Path=/; Domain=.groupon.com
__cf_bm=2RL_o7yIm1mdsEGRqU2bFFeppywsu_imHo_6HQ.QUzc-1775821968-1.0.1.1-S2J3pXjiEG4pnhX3i2aspUPN6EFs4AiUS6ySyYPNPBO02fFDZoIHZjfiKkAHgybvGP8QMPEYEEs_cABtpNzyIZ3Ky23ZdnM5pBef3hsjqHA; path=/; expires=Fri, 10-Apr-26 12:22:48 GMT; domain=.groupon.com; HttpOnly; Secure; SameSite=None

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

BYPASS

Cf-Ray

Other

9ea18c220c3799e2-IAD

Date

Other

Fri, 10 Apr 2026 11:52:48 GMT

Server-Timing

Other

rReq;dur=755, rCon;dur=0, rHdr;dur=756, hbi;dur=746, mdlw;dur=98,gIP;dur=0,gSSP;dur=242,rndr;dur=357,total;dur=711

Via

Other

HTTP/1.1 EdgeProxy,HTTP/1.1 EdgeProxy

X-B-Cookie

Other

04f3ba82-0129-4589-b3ba-820129258912

X-B3-Traceid

Other

98f1a3816b06482084a8af7cbdef0e3b

X-Destination

Other

tls_conveyor_next

X-Envoy-Upstream-Service-Time

Other

756

X-External-Request-Id

Other

true

X-Forwarded-Proto

Other

https

X-Grpn-Served-By-Pod

Other

next-pwa-app--itier--default-b87fb5777-sdw9g

X-Mtls-Upstream-Time

Other

746

X-Original-Request-Id

Other

98f1a381-6b06-4820-84a8-af7cbdef0e3b, 98f1a381-6b06-4820-84a8-af7cbdef0e3b

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

98f1a381-6b06-4820-84a8-af7cbdef0e3b,98f1a381-6b06-4820-84a8-af7cbdef0e3b

X-Request-Originated-From

Other

envoy-tls-side-car--ingress-https

X-Response-Served-From

Other

next-pwa-app--us-central1--default--conveyor-gcp-production2, routing-service--public--us-central1--default--conveyor-gcp-production2

X-S-Cookie

Other

45c3454b-2ea8-4029-8345-4b2ea85029fd

X-Signifyd-Cookie

Other

169ec6e1-c2ee-4c58-9ec6-e1c2eebc58ef

X-Ua-Compatible

Other

IE=edge,chrome=1

alt-svc: h3=":443"; ma=86400
cf-cache-status: BYPASS
cf-ray: 9ea18c220c3799e2-IAD
date: Fri, 10 Apr 2026 11:52:48 GMT
server-timing: rReq;dur=755, rCon;dur=0, rHdr;dur=756, hbi;dur=746, mdlw;dur=98,gIP;dur=0,gSSP;dur=242,rndr;dur=357,total;dur=711
via: HTTP/1.1 EdgeProxy,HTTP/1.1 EdgeProxy
x-b-cookie: 04f3ba82-0129-4589-b3ba-820129258912
x-b3-traceid: 98f1a3816b06482084a8af7cbdef0e3b
x-destination: tls_conveyor_next
x-envoy-upstream-service-time: 756
x-external-request-id: true
x-forwarded-proto: https
x-grpn-served-by-pod: next-pwa-app--itier--default-b87fb5777-sdw9g
x-mtls-upstream-time: 746
x-original-request-id: 98f1a381-6b06-4820-84a8-af7cbdef0e3b, 98f1a381-6b06-4820-84a8-af7cbdef0e3b
x-permitted-cross-domain-policies: none
x-request-id: 98f1a381-6b06-4820-84a8-af7cbdef0e3b,98f1a381-6b06-4820-84a8-af7cbdef0e3b
x-request-originated-from: envoy-tls-side-car--ingress-https
x-response-served-from: next-pwa-app--us-central1--default--conveyor-gcp-production2, routing-service--public--us-central1--default--conveyor-gcp-production2
x-s-cookie: 45c3454b-2ea8-4029-8345-4b2ea85029fd
x-signifyd-cookie: 169ec6e1-c2ee-4c58-9ec6-e1c2eebc58ef
x-ua-compatible: IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance