HTTP Headers Analysis for https://hopper.com

Detected Technologies from Headers

See all in URL Inspect 1

Envoy

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

geolocation=(), microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding

connection: close
transfer-encoding: chunked
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

cache-control: private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

istio-envoy

server: istio-envoy

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: X-Device-Id=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJjbGllbnQtaXAiOiIxNTIuMjMzLjQyLjIwMSIsImNsaWVudC11c2VyLWFnZW50IjoibWludC8xLjcuMSJ9.1Qs8LtDZEsMkllbR2S-XR17u_KkXnOPSEpNDngUFUaQl5wqfDKW0SXSxDD1I41vN-21qetwksk7DrRAjjxmp0Q; Path=/; Expires=Tue, 04 May 2027 23:56:32 GMT; Max-Age=31536000; Secure
refresh_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Hopper-Refresh=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzaWQiOiIzYmI4ZWE0ZS00YzUwLTQ3OTQtYTI5ZS1lYjQ2MTAwNTBlNmIiLCJub25jZSI6LTY0NjMyNTM2ODkwNTg5ODEwMzksInZlcnNpb24iOjJ9.qGLwL31aGDFtu3QcSfwkf0fet6ZeYVqKiztVQ5qWkubPGjN--NrfqgQ3LxYc_fvSaeADqBPDzkymGul7Hg02Pg; Path=/; Expires=Tue, 04 May 2027 23:56:32 GMT; Max-Age=31536000; Secure
browserSessionId=e826d971-41bd-400e-bbcd-c8d73fe2d7eb; Path=/
sessionId=50b0160e-8705-41e1-a3b5-d415ac1d6b82%2F1777938992722; Path=/; Expires=Tue, 05 May 2026 00:11:32 GMT; Max-Age=900
Hopper-Refresh=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzaWQiOiIzYmI4ZWE0ZS00YzUwLTQ3OTQtYTI5ZS1lYjQ2MTAwNTBlNmIiLCJub25jZSI6LTY0NjMyNTM2ODkwNTg5ODEwMzksInZlcnNpb24iOjJ9.qGLwL31aGDFtu3QcSfwkf0fet6ZeYVqKiztVQ5qWkubPGjN--NrfqgQ3LxYc_fvSaeADqBPDzkymGul7Hg02Pg; Max-Age=31536000; Expires=Tue, 04 May 2027 23:56:32 GMT; Path=/; Secure; HTTPOnly; SameSite=None
refresh_token=; Max-Age=-86400; Expires=Sun, 03 May 2026 23:56:32 GMT; Path=/; Secure; HTTPOnly; SameSite=None
Hopper-Session=eyJraWQiOiJ2MSIsImFsZyI6IkVTMjU2IiwidHlwIjoiSldUIn0.eyJzaWQiOiIzYmI4ZWE0ZS00YzUwLTQ3OTQtYTI5ZS1lYjQ2MTAwNTBlNmIiLCJub25jZSI6LTYxNDkyMDU0ODI4NzU4MDY5MTgsInZlcnNpb24iOjUsInRlbmFudF9pZCI6ImhvcHBlci1hcHAiLCJ1c2VyX3N0YXR1cyI6ImFub255bW91cyIsImV4cCI6MTc3ODAyNTM5Mn0.7A-qajHuD6Eq2Lim14WqZbbrQ6MnxWY45AjuM5TbzF7EmoHLKXCYTT-nVwCrjeUtQgqOA4QJ9DCOSd0PzlrJvw; Max-Age=86400; Expires=Tue, 05 May 2026 23:56:32 GMT; Path=/; Secure; HTTPOnly; SameSite=None

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000

Date

Other

Mon, 04 May 2026 23:56:33 GMT

Link

Other

URL https://seo-cdn.hopper.com

rel=preconnect

URL /_next/static/css/2985f05f597eeab7.css

rel=preload as=style

URL /_next/static/css/c490fbeb0fc5eee3.css

rel=preload as=style

Via

Other

1.1 google

X-Envoy-Upstream-Service-Time

Other

331

X-Middleware-Rewrite

Other

/en/

alt-svc: h3=":443"; ma=2592000
date: Mon, 04 May 2026 23:56:33 GMT
link: <https://seo-cdn.hopper.com>; rel="preconnect", </_next/static/css/2985f05f597eeab7.css>; rel=preload; as="style", </_next/static/css/c490fbeb0fc5eee3.css>; rel=preload; as="style"
via: 1.1 google
x-envoy-upstream-service-time: 331
x-middleware-rewrite: /en/

Recommendations

Enable compression (gzip/brotli) to improve performance