HTTP Headers Analysis for https://it.aliexpress.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

2 headers

Cache-Control

Caching

max-age=60

Expires

Caching

Tue, 20 Jan 2026 18:26:37 GMT

Content Headers

2 headers

Content-Length

Content

1843

Content-Type

Content

text/html;charset=UTF-8

Server Headers

1 headers

Server

Tengine/Aserver

CORS Headers

1 headers

Access-Control-Allow-Credentials

Cors

true

Cookies Headers

1 headers

Set-Cookie

Cookies

x5secdata=xfluWJfKoRZjDWbdXQLaUor6noM4CBPAoj08rGyax8hXepZZ60ljhV0NdI8mQbXjbbdsQj8VbVCEdu-x0qvOley6ZTgQxmuwkfY1b738b8Dqb-s66wXVWlLWtuHm22eC17jNqLO5f-w_pvfWyJq-0AD8ktlpmgullKHzqrWnUf09gFf6liFUgH71cHfP9S5LfLcv8LV1BjEdhIuX8AZT4Uqid6e9zGJlILfk3Qjg0k7QSY-ZCf53e4w5ywmldQmC4-ybBzwEXnTap6-BQyifMgRXWKm_ykWuvu7zv0a5owBfMLyuITYMVNa9Z0vhesmakFmZkTnDTUnezfD5WZIPvsXn99OGjA1mAxlFKXCIo8tv8adNZ7d7_g25UFQldboOO75NNS1dKiVThjd3YxOrFeIsVfDMzUZdmb_2FpZZjY9nzwmMIBXDsuQYjbFfVspPKvsx86MgXiV6wPG2dDVpIZG1Yb5B26bFyrp9Ca-3hwbR5L4jThJ5Y1i0hWbdRWpI3IfKtr6AmqulWd-Y5721pfj4QkKmaFiNkbMN06u3Azs4eiLun4MWB-5i2QH_q-PECiMbRkQ1wNeImw8SUOwdcyuGdRTvZIAFmZxRFI9YAKG95jTKuujKZ7UdZSPlViNQYgt_e91NWy0oiO4oIkkfcZGE8chAEtaKA7zpqKJk6pK9nDXI-Eiyau_9G6BXvJo3Hb1acDntyXvEO66KMIjIJ-Tw__bx__it.aliexpress.com%2f; Max-Age=20; Path=/; Domain=aliexpress.com

Other Headers

8 headers

Alt-Svc

Other

h3=":443"; ma=93600

Bxpunish

Other

1

Date

Other

Tue, 20 Jan 2026 18:25:37 GMT

Eagleeye-Traceid

Other

210311c217689335373782566ef434

Timing-Allow-Origin

Other

*

X-Akamai-Fwd-Auth-Data

Other

1035598557, 23.220.105.152, 1768933537, 216.246.40.87

X-Akamai-Fwd-Auth-Sha

Other

1FD055D15E9302C69F617C386292B86458A418966616652634FF709B65A49B84

X-Akamai-Fwd-Auth-Sign

Other

pqaDGyUAJ8lMdJeMGSI2Gr51YXYr1btwwtxof0FilsWjLmp5L9l2b1lLhm857v6IVagmzfQgMXWgbZG7Hj2bOeOs0ckmLmhlN8IuD9d7d6A=

Recommendations

Enable compression (gzip/brotli) to improve performance