HTTP Headers Analysis for https://huntress.io

Detected Technologies from Headers

See all in URL Inspect 22

AWS CloudFront

Gravatar

Amplitude

Amazon S3

Azure Blob Storage

Bugsnag

Canny

Datadog

Google Analytics

Google Fonts

Google reCAPTCHA

Google Search

Google Static File Front End

Google Tag Manager

jsDelivr

Nginx

Osano

Pusher

Stadia Maps

Stripe

Zendesk

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Weak

max-age=0

Content-Security-Policy

Good

report-uri; default-src; font-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"d97a69c3dc30fa3a6157f76ddd1a033a"

cache-control: max-age=0, private, must-revalidate
etag: W/"d97a69c3dc30fa3a6157f76ddd1a033a"

Content Headers

Content-Length

Content

8357

Content-Type

Content

text/html; charset=utf-8

content-length: 8357
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.010221

server: nginx
x-runtime: 0.010221

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _portal_session=4PP6vsyMslms79%2BG%2F4gRnqUF0E9jQ87BrEQSSY0IaEhSBPH3hvwaI5nTFl214XKP3Ii2RZHZLZoPUaP0CH7hfyav%2B%2FOiQdzH8EoKg6WeLJooFJot0fril%2BrdELom%2BvB%2Fpcgl8RGHMqbH7YLQoTSdwfgNcCAwK5zhp0SxUy4iY9hhyssh1heEgnHtZslKC37s1ss%2B0yj%2FrKIG%2FFm02LaF6Juj1SuZTbAdRiTYW%2BO79lQlEAKo6pNS5gt5Rd3GRGeRZTpdV1wuW31jIlAT1gizcjGXM1VwrIc%3D--lFamaXXDSkXQKrbM--Vv4g%2Fy6Z%2FV1OPhrUChJifQ%3D%3D; domain=huntress.io; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Sun, 10 May 2026 01:16:24 GMT

Link

Other

URL https://huntresscdn.com/portal/assets/application-d4162249.js

rel=preload as=script nopush

URL https://huntresscdn.com/portal/assets/application-43a4d4a2.css

rel=preload as=style crossorigin=anonymous nopush

URL https://huntresscdn.com/portal/assets/tailwind.scoped-3e7b3dbd.css

rel=preload as=style crossorigin=anonymous nopush

URL

https://js.stripe.com/v3/

rel=preload as=script nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

6651b004-4f54-4476-a6bb-f91805b292b8

date: Sun, 10 May 2026 01:16:24 GMT
link: <https://huntresscdn.com/portal/assets/application-d4162249.js>; rel=preload; as=script; nopush,<https://huntresscdn.com/portal/assets/application-43a4d4a2.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://huntresscdn.com/portal/assets/tailwind.scoped-3e7b3dbd.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://js.stripe.com/v3/>; rel=preload; as=script; nopush
x-permitted-cross-domain-policies: none
x-request-id: 6651b004-4f54-4476-a6bb-f91805b292b8

Recommendations

Enable compression (gzip/brotli) to improve performance