HTTP Headers Analysis for https://img.cdw.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; style-src; script-src; +3 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

max-age=604800

Etag

Caching

"02e85c1804cd01:0"

Last-Modified

Caching

Thu, 19 Feb 2015 20:15:08 GMT

Content Headers

2 headers

Content-Length

Content

625

Content-Type

Content

text/html

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

bm_sz=7E6178BDF4F58CC468163163E942D30E~YAAQkGvcF9B00VCbAQAAJScNdh5ofJFNJfyKjcVpsQixhI+nADbSWzgnRxbp6uNx1nxzfWgXk6egYmEPqrhlKcEZ+PhUUyZn7HMood11ftAEyFuCGjRKwBYGis2wL0yEm9jJfhUozk6GhDPXDaoTN1UWLc3vC/94rOr7La/zBTn8ew8QUYCh8eIE0Pn5TlRagKi6FA7agxelwghtjfJq8SCcrjyAS0lN5aXOEPRjUgs7S3EfansKWt7KkEhfI52UMM8VmH5qg02+sQiMOgXRBuGhob1mCBzsjf0Z2EXBKvh0IvtO2cqqgfn/eBNPcMbjsWx+4e04hb7Cx2dG3r/jUQ6lriTeBS/0~4539205~3616837; Domain=.cdw.com; Path=/; Expires=Thu, 01 Jan 2026 00:15:32 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

3 headers

Date

Other

Wed, 31 Dec 2025 20:15:32 GMT

Timing-Allow-Origin

Other

https://www.cdw.com,https://www.cdwg.com,https://www.cdw.ca

X-Akamai-Transformed

Other

l - 0 -

Recommendations

Enable compression (gzip/brotli) to improve performance