HTTP Headers Analysis for https://hyperwallet.com

Detected Technologies from Headers

See all in URL Inspect 7

PayPal

YouTube

Datadog

Google Analytics

Google DoubleClick

Google Tag Manager

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; style-src; script-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

ch-ua-platform-version=(self "https://c.paypal.com"), ch-ua-arch=(self "https://c.paypal.com"), ch-ua-wow64=(self "https://c.paypal.com"); +4 more

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding, Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store, must-revalidate

Etag

Caching

W/"48b6d-wyVt15nbwY6P3rmJxtQ2HgPV+og"

cache-control: max-age=0, no-cache, no-store, must-revalidate
etag: W/"48b6d-wyVt15nbwY6P3rmJxtQ2HgPV+og"

Content Headers

Content-Length

Content

297837

Content-Type

Content

text/html; charset=utf-8

content-length: 297837
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Expose-Headers

Cors

Server-Timing

access-control-expose-headers: Server-Timing

Cookies Headers

Set-Cookie

Cookies

set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.hyperwallet.com; Path=/; Expires=Thu, 06 May 2027 23:25:20 GMT; Secure; SameSite=None
LANG=en_US%3BUS; Max-Age=31556; Path=/; Expires=Thu, 07 May 2026 08:11:16 GMT; HttpOnly; Secure; SameSite=None
tsrce=hwnodeweb; Max-Age=259199; Domain=.hyperwallet.com; Path=/; Expires=Sat, 09 May 2026 23:25:19 GMT; HttpOnly; Secure; SameSite=None
x-pp-s=eyJ0IjoiMTc3ODEwOTkyMDUwNiIsImwiOiIwIiwibSI6IjAifQ; Domain=.hyperwallet.com; Path=/; HttpOnly; Secure; SameSite=None
tsrce=hwnodeweb; Domain=.paypal.com; Path=/; Expires=Sat, 09 May 2026 23:25:20 GMT; HttpOnly; Secure; SameSite=None
nsid=s%3AaD8mTnCECgv-gI8krDSVzJPdQ7eXSOOW.uyka16HvbShWLZcdMfvCrhTbo7iuJsJSykDB7wY8gUc; Path=/; HttpOnly; Secure
fsessionid=177810992098eb0e7fcc61f322d6ef1; secure; path=/; httponly; expires=Thu, 07 May 2026 23:25:20 GMT

Other Headers

Accept-Ch

Other

sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64

Date

Other

Wed, 06 May 2026 23:25:20 GMT

Dc

Other

ccg11-origin-www-1.paypal.com

Paypal-Debug-Id

Other

1970ee4915e37

Server-Timing

Other

"traceparent;desc="00-00000000000000000001970ee4915e37-a5ce97541b875e4a-01"";content-encoding;desc="",x-cdn;desc="fastly"

Timing-Allow-Origin

Other

*

Via

Other

1.1 varnish, 1.1 varnish

X-Cache

Other

MISS, MISS, MISS

X-Cache-Hits

Other

0, 0, 0

X-Served-By

Other

cache-iad-kiad7000137-IAD, cache-iad-kiad7000103-IAD, cache-ewr-kewr1740046-EWR

X-Timer

Other

S1778109920.181757,VS0,VE397

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
date: Wed, 06 May 2026 23:25:20 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: 1970ee4915e37
server-timing: "traceparent;desc="00-00000000000000000001970ee4915e37-a5ce97541b875e4a-01"";content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-iad-kiad7000137-IAD, cache-iad-kiad7000103-IAD, cache-ewr-kewr1740046-EWR
x-timer: S1778109920.181757,VS0,VE397

Recommendations

Enable compression (gzip/brotli) to improve performance