HTTP Headers Analysis for https://itf.src.mastercard.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=86400 ; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

accept-ranges: bytes
connection: close

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store

Expires

Caching

Tue, 12 May 2026 19:17:08 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache, no-store
expires: Tue, 12 May 2026 19:17:08 GMT
pragma: no-cache

Content Headers

Content-Length

Content

11

content-length: 11

Server Headers

Server

Undisclosed

server: Undisclosed

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _abck=ED3263CFEA2EE5AD157BE3C985F44B1B~-1~YAAQSKTAFz5xuuudAQAAfCCfHQ/Vj7/jxYpxB1WwkIpUOc5FuuCQT8bNlgkuiopATQrheiN1nILj6wqdMRqp6cp38TZaDym5ZivDWhMeAGe5ItIVgFtnA9Lk73CsB7g0xEh9FGbFAsjfLTxzo7Lwskwrb8wI8MbBRU16XXQzhyZKcmXWOe1otCXKkPyBVPfIsUEDmG3KMo7TaOOFwFE2A+tOpKxuMn9VlXKSimkI3fRg0Cle+ucgT7j5BuZ6mv5QTKwMfn8lXqkQldZ2W8MdFvAi9Knsy3CxJjlG3Qug4MeblSrUi6PseQA3qNVwMAeXI8axuWL7T1+ed3Yn0trd0vsZrgbPwSImCQjELKq95gcZTdn+q17WX+FwWI+TdORKnzSAXcAwj/VQzySY0Bj/qdZQyGYNztscS8AVemZu0vmjcofLi4lRWgOajND5moMZOcSwmBBtmOz6~-1~-1~-1~-1~-1; Domain=.mastercard.com; Path=/; Expires=Wed, 12 May 2027 19:17:08 GMT; Max-Age=31536000; Secure
bm_sz=E30607145DD9F50837605BF9A8E1B938~YAAQSKTAFz9xuuudAQAAfCCfHR/+yZ8WsUQJvXHccdH6a75AZkr/a/O0BnUUNKy8Cb3dW80GqW2KFKJEk5sj2B7xHaDfmUXt3kHH8O4wERShQuYqvaI7ZNf9osCiJTpMcxXWzOYMmHyVGkulNuJ2JONh+OHyp2m293lFynjLeFD5BScdbzJXPq41Lpy+wNhgUaZV1SFUJPyj9aYM0B9gggKtrZlCLqLhNLda3XbYl1zwFiVuPdxxhK3eOFUsBqCk/2fr8LcNPfcrbH3kvFbIRc1vcVZX82N3eX+Wet/ZIRrUvyjJSH5Q18sBm4xFTdi/5LpudpGt4QfVwDgDW6pKHIoin0spmj2mQzlQlcEbQGqVHA==~4277318~4337987; Domain=.mastercard.com; Path=/; Expires=Tue, 12 May 2026 23:17:07 GMT; Max-Age=14399

Other Headers

Date

Other

Tue, 12 May 2026 19:17:08 GMT

Server-Timing

Other

cdn-cache; desc=HIT, edge; dur=678, ak_p; desc="1778613427555_398500936_2420038434_67677_11609_22_102_-";dur=1

X-Akamai-Edgescape-Custom-Echo

Other

georegion=255, country_code=US, region_code=IL, city=CHICAGO, dma=602, pmsa=1600, areacode=312+773, county=COOK, fips=17031, lat=41.8858, long=-87.6229, timezone=CST, zip=60601-60626+60628-60634+60636-60641+60643-60647+60649+60651-60657+60659-60661+60664+60668-60670+60673-60675+60677-60678+60680-60682+60684-60691+60693-60695+60697+60699+60701, continent=NA, asnum=30081

date: Tue, 12 May 2026 19:17:08 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=678, ak_p; desc="1778613427555_398500936_2420038434_67677_11609_22_102_-";dur=1
x-akamai-edgescape-custom-echo: georegion=255, country_code=US, region_code=IL, city=CHICAGO, dma=602, pmsa=1600, areacode=312+773, county=COOK, fips=17031, lat=41.8858, long=-87.6229, timezone=CST, zip=60601-60626+60628-60634+60636-60641+60643-60647+60649+60651-60657+60659-60661+60664+60668-60670+60673-60675+60677-60678+60680-60682+60684-60691+60693-60695+60697+60699+60701, continent=NA, asnum=30081

Recommendations

Enable compression (gzip/brotli) to improve performance