HTTP Headers Analysis for https://help.venmo.com

Detected Technologies from Headers

See all in URL Inspect 5

PayPal

YouTube

CHEQ Control & Compliance

Google Analytics

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

ch-ua-platform-version=(self "https://c.paypal.com"), ch-ua-arch=(self "https://c.paypal.com"), ch-ua-wow64=(self "https://c.paypal.com"); +4 more

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding, Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store, must-revalidate

Etag

Caching

"p7sivoqvqt2sap"

cache-control: max-age=0, no-cache, no-store, must-revalidate
etag: "p7sivoqvqt2sap"

Content Headers

Content-Length

Content

130007

Content-Type

Content

text/html; charset=utf-8

content-length: 130007
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Expose-Headers

Cors

Server-Timing

access-control-expose-headers: Server-Timing

Cookies Headers

Set-Cookie

Cookies

set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.venmo.com; Path=/; Expires=Wed, 12 May 2027 13:59:41 GMT; Secure; SameSite=None
LANG=en_US%3BUS; Max-Age=31556; Path=/; Expires=Tue, 12 May 2026 22:45:37 GMT; HttpOnly; Secure; SameSite=None
x-pp-s=eyJ0IjoiMTc3ODU5NDM4MTg5MyIsImwiOiIwIiwibSI6IjAifQ; Domain=.venmo.com; Path=/; HttpOnly; Secure; SameSite=None
tsrce=venmohelpnodeweb; Domain=.paypal.com; Path=/; Expires=Fri, 15 May 2026 13:59:41 GMT; HttpOnly; SameSite=None; Secure
nsid=s%3AYSdBKTMjZyY6lcEP10iy9phyTxWTsn-x.z%2BAjO7%2FAH7IctnbLNZjjZo38D7BgiA1HZ846qPGm3Fg; Path=/; HttpOnly; Secure

Other Headers

Accept-Ch

Other

sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64

Date

Other

Tue, 12 May 2026 13:59:41 GMT

Dc

Other

ccg11-origin-www-1.paypal.com

Paypal-Debug-Id

Other

b4fdc1304c8af

Pp-Border

Other

ccg14bdrf5-5.ccg14.slc.paypalinc.com

Server-Timing

Other

"traceparent;desc="00-0000000000000000000b4fdc1304c8af-b146445cc49afe4e-01"";content-encoding;desc="",x-cdn;desc="fastly"

Timing-Allow-Origin

Other

*

Via

Other

1.1 varnish, 1.1 varnish

X-Cache

Other

MISS, MISS, MISS

X-Cache-Hits

Other

0, 0, 0

X-Edge-Control-Remove

Other

true

X-Header-Count

Other

20

X-Served-By

Other

cache-iad-kjyo7100095-IAD, cache-iad-kjyo7100095-IAD, cache-ewr-kewr1740075-EWR

X-Timer

Other

S1778594382.683547,VS0,VE260

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
date: Tue, 12 May 2026 13:59:41 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: b4fdc1304c8af
pp-border: ccg14bdrf5-5.ccg14.slc.paypalinc.com
server-timing: "traceparent;desc="00-0000000000000000000b4fdc1304c8af-b146445cc49afe4e-01"";content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-edge-control-remove: true
x-header-count: 20
x-served-by: cache-iad-kjyo7100095-IAD, cache-iad-kjyo7100095-IAD, cache-ewr-kewr1740075-EWR
x-timer: S1778594382.683547,VS0,VE260

Recommendations

Enable compression (gzip/brotli) to improve performance