HTTP Headers Analysis for https://hosts.hopper.com

Detected Technologies from Headers

See all in URL Inspect 10

Datadog

Envoy

Google API JS Client

Google Search

Google Static File Front End

Kustomer

LaunchDarkly

Loom

Storyblok

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

script-src; worker-src; frame-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-cache

Last-Modified

Caching

Thu, 01 Jan 1970 00:00:01 GMT

cache-control: no-cache
last-modified: Thu, 01 Jan 1970 00:00:01 GMT

Content Headers

Content-Length

Content

1204

Content-Type

Content

text/html

content-length: 1204
content-type: text/html

Server Headers

Server

istio-envoy

server: istio-envoy

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000

Date

Other

Sat, 09 May 2026 04:54:06 GMT

Via

Other

1.1 google

X-Envoy-Upstream-Service-Time

Other

1

alt-svc: h3=":443"; ma=2592000
date: Sat, 09 May 2026 04:54:06 GMT
via: 1.1 google
x-envoy-upstream-service-time: 1

Recommendations

Enable compression (gzip/brotli) to improve performance