HTTP Headers Analysis for https://larksuite.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

keep-alive

Caching Headers

0 headers

No caching headers found

Content Headers

2 headers

Content-Length

Content

43

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

TLB

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__hera_back_to_source=one-lark; Path=/; Domain=www.larksuite.com; Max-Age=1209600

Other Headers

16 headers

Content-Security-Policy-Report-Only

Other

script-src 'self' 'unsafe-eval' 'unsafe-inline' *.byted-static.com *.bytedapm.com *.bytegoofy.com *.bytescm.com *.feishu-boe.cn *.feishu.cn *.feishucdn.com *.framer.com *.hubspot.com *.ibytedapm.com *.ibytedtos.com *.larksuite-boe.com *.larksuite.com *.larksuitecdn.com *.ocic-static.com *.snssdk.com *.yahoo.co.jp https://framer.com https://accounts.google.com https://app.factors.ai https://bat.bing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://framerusercontent.com https://googleads.g.doubleclick.net https://googletagmanager.com https://hm.baidu.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.intercomcdn.com https://s.yimg.jp https://scout-cdn.salesloft.com https://sf16-website-login.neutral.ttwstatic.com https://snap.licdn.com https://static.ads-twitter.com https://widget.intercom.io https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://zz.bdstatic.com; worker-src 'self' blob:; report-to csp-endpoint

Date

Other

Fri, 21 Nov 2025 11:56:29 GMT

Location

Other

/en_us/

Reporting-Endpoints

Other

csp-endpoint="https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=larkug_gtm_csp_report"

Request-Id

Other

2025112119562980270539661D80B27E4C

Server-Timing

Other

cdn-cache; desc=MISS, edge; dur=0, origin; dur=243

To-Env

Other

Tt_stable

Other

1

X-Envoy-Response-Flags

Other

-

X-Lgw-Dst-Svc

Other

-6a4QNcw_xOETS9DZZJw1-BNyO5TUgw2Flo33u7N26EoFN-yGc5kNZwD8ItREFkpwyO9t9-yV5HUKK7v14HC0jwLLvfMmVLdQIT8fxfgfEB9uqoqOkeSnqJ9sVg4PqagfENmQo2aaMQsFkVLe7zftBbtBAL_s5n6b0NV1m0vLgqP56K5t5esNh4IjsPSl9b-27bX0JmG4HHGShVlSPaOKFL58u7m0bx0tJHkwSI-m6jYsYj9hWyhIUBOK91FXTgRfEMwArpXPl5F7PI4VkWksVKV4gVeO3UWqf7K4c7kapOSqeeobg==

X-Origin-Response-Time

Other

243,23.53.12.57

X-Request-Id

Other

2025112119562980270539661D80B27E4C

X-Tt-Logid

Other

2025112119562980270539661D80B27E4C

X-Tt-Trace-Host

Other

014cffece9321bc5149cca05cd3678aef2a4d6d8bfb3ec19c48f01e79495dfb6bd1e4b2e94c8433cd3ad0beaadba0e153d32be5776289c956098676b2f4126732d6f8439c8fd1a15a98f8386fe1c9df120b527e18557e6586eef6b0356609c6d3b67f3b04c06c4d79bd69451a66b6b381f

X-Tt-Trace-Id

Other

00-25112119562980270539661D80B27E4C-386FF6031458D0E1-00

X-Tt-Trace-Tag

Other

id=16;cdn-cache=miss;type=dyn

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching