HTTP Headers Analysis for https://ispot.tv

Detected Technologies from Headers

See all in URL Inspect 24

AWS CloudFront

Cloudflare NEL Monitoring

AWS

Chili Piper

Clickagy

Cloudflare CDN

Datadog

Font Awesome

Google Analytics

Google API JS Client

Google DoubleClick

Google Fonts

Google Search

Google Tag Manager

Google Translate

Greenhouse

jQuery

jsDelivr

PHP

Salesforce Pardot

Twitter

YouTube

ZoomInfo

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src-elem; style-src-elem; +12 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-store, no-cache, must-revalidate

Expires

Caching

Thu, 19 Nov 1981 08:52:00 GMT

Pragma

Caching

no-cache

cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

Set-Cookie

Cookies

set-cookie: PHPSESSID=51f71abf5a121847c16f46837cc09d99; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9d2e2301ba90d6d4-IAD

Date

Other

Tue, 24 Feb 2026 10:04:05 GMT

Nel

Other

Report-To Group cf-nel max-age: 1w

success: 0.0%

Report-To

Other

Group cf-nel max-age: 1w

Endpoint 1 https://a.nel.cloudflare.com/report/v4?s=soT1YoPd8NGVEuu6qbQNLTKkEoGYOHPuShbbq2xZ41QXnc9%2Bu5BSdcQAaWy%2FplMzIL2Zd1N18Z1yOPVHO8vfc6Ah2fDfgiDfldWM

cf-cache-status: DYNAMIC
cf-ray: 9d2e2301ba90d6d4-IAD
date: Tue, 24 Feb 2026 10:04:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=soT1YoPd8NGVEuu6qbQNLTKkEoGYOHPuShbbq2xZ41QXnc9%2Bu5BSdcQAaWy%2FplMzIL2Zd1N18Z1yOPVHO8vfc6Ah2fDfgiDfldWM"}]}

Recommendations

Enable compression (gzip/brotli) to improve performance