HTTP Headers Analysis for https://learn.glideapps.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000

Content-Security-Policy

Basic

default-src

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

max-age=30

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Powered-By

Server

Express

CORS Headers

4 headers

Access-Control-Allow-Headers

Cors

Content-Type,Authorization,X-Glide-Attempt,Fly-Customer-Request-Id,X-Glide-Anonymous-User,X-Glide-AI-Agent,X-Glide-Asynchronous,X-Glide-Raw-Data,X-Glide-Firebase-Auth

Access-Control-Allow-Methods

Cors

GET,POST,OPTIONS

Access-Control-Allow-Origin

Cors

*

Access-Control-Max-Age

Cors

3600

Cookies Headers

1 headers

Set-Cookie

Cookies

player-deployment-version=8bea2105aee5c7756986c13e070785901232fccf; Max-Age=10800; Path=/; Expires=Sat, 17 Jan 2026 11:58:47 GMT

Other Headers

12 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9bf4a71e7894c950-IAD

Date

Other

Sat, 17 Jan 2026 08:58:47 GMT

Glide-Allow-Embedding

Other

ALLOW

X-Edge-Cache-Stale-At-Ms

Other

1768640357633

X-Edge-Cache-Status

Other

MISS

X-Edge-Origin-Cache-Control

Other

public, max-age=30, stale-while-revalidate=86400, stale-if-error=86400

X-Fly-Region

Other

cf-IAD

X-Glide-Deployment-Version

Other

2d70eec3ea68c79ed6c779e705f493c6eeb182aa

X-Origin-Cf-Cache-Status

Other

DYNAMIC

X-Robots-Tag

Other

noindex

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology