HTTP Headers Analysis for https://id.padlet.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Language

Caching Headers

1 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

0.048772

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=AL8DE5360fSzw1KgiB5sXRJcNwExbODKpXshwBFeGyQ-1769371985-1.0.1.1-u5KkWABRFYNL9ZRmm646R0SjDJN8_xRc517khgdvfstgeP8QPk80a_c6MI_Wu_4bKii_MKATPdx7NEvFyJU3xVUxqmFsBLL4LwBBGgB8D0.VDjrXdeaxB9jPK8wYxI8h; path=/; expires=Sun, 25-Jan-26 20:43:05 GMT; domain=.padlet.com; HttpOnly; Secure; SameSite=None

Other Headers

15 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c3a6ddd3ff648f1-IAD

Content-Security-Policy-Report-Only

Other

script-src 'self' padlet.net maps.googleapis.com apis.google.com ta-echo.padlet.com api.commandbar.com cdn.commandbar.com app.getbeamer.com challenges.cloudflare.com embed.cloudflarestream.com cdn.usefathom.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' padlet.net fonts.googleapis.com cdn.commandbar.com app.getbeamer.com 'unsafe-inline'; font-src 'self' padlet.net fonts.gstatic.com data:; report-uri https://padlet.com/csp-report;

Date

Other

Sun, 25 Jan 2026 20:13:05 GMT

Link

Other

<https://padlet.net/ui/assets/landside-DdV40bIr.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush,<https://padlet.net/ui/assets/landside-BKtLm9aT.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/tailwind-CS-Ih9O0.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzIcon-Dg2mQp41.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzPadletLogo-CTWHZv6G.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzOverlay-BCcFiH3u.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzInput-CH0qDiel.css>; rel=preload; as=style; nopush,<https://padlet.net/fonts/inter/subset/inter-latin.woff2>;rel="preload";as="font";crossorigin,<https://padlet.net/fonts/inter/subset/inter-latin.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://padlet.net/assets/translations/id-b04443576f8d79d8dd9bf4f8fdc6fbc1ae377f00dc77676785e1f7688b10786a.js>; rel=preload; as=script; nopush

P3p

Other

CP="IDC DSP COR CURa ADMa OUR NOR ONL COM"

Via

Other

1.1 google

Ww-App-Version

Other

v-2601251056-0b33f-production

Ww-Box

Other

mozart-web-77bf4f5698-bmw4w

Ww-Cat

Other

landside

Ww-Qt

Other

low

X-Backend

Other

GKE-mozart-production

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

38540665-43b7-4acb-a2c1-97c7fcbddeac

Recommendations

Enable compression (gzip/brotli) to improve performance