HTTP Headers Analysis for https://learn.statsig.com

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

worker-src; frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"b893d8f1b3b7530c0dbddbb3af4eca94"

Expires

Caching

Fri, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-store
etag: W/"b893d8f1b3b7530c0dbddbb3af4eca94"
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Length

Content

156250

Content-Type

Content

text/html; charset=utf-8

content-length: 156250
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.064989

server: nginx
x-runtime: 0.064989

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _SessionV2_Production=LEefQ7eyNAWKtP9NyVbd1ddclJo2QjhDNpuDuW3WONanWzxfW%2FiSD6eay72ZMDGsShmi0pl7AbsFbyvTFdftZ3klezyL8WR8aqa4s9F8iIkQAykmPxsF8nVaZTRleFvd4bu1JctP9BnYBHP%2FwOaAG71DvbGMuhJM81qdPW%2BIKzMp3Gxk1Sa0ywMy%2BteQHjRAYs8D2bpPIhgS0R9vPreV7tUy2HmqGrCB2n6uiql7VId4he4ELMbMEPE95BepSTPmYD%2FrQAO5SR%2Fj4k4dId%2B8FvJ1AuhNBK%2BsDj9IMFq%2FqOO7AWXLiu5IJY5aXtGTvchICuesEG7mPROqJYdpdvwHFVQ%3D--CvBKp%2FbIL%2FnCjjab--wY9pZwqsMdpT27Jl3g29%2Bw%3D%3D; path=/; secure; HttpOnly; SameSite=None

Other Headers

Date

Other

Tue, 24 Feb 2026 10:06:28 GMT

Link

Other

URL https://assets.workramp.com/assets/application-3dea9abd28aad3a235bff87f30a3da75ec1498bf795993e52e5d450ca8bd4b20.css

rel=preload as=style nopush

URL https://assets.workramp.com/assets/i18n/translations-00411f261054500ff6e8f35f36abbc231782d863860b4adc5a142dd017236f35.js

rel=preload as=script nopush

URL https://assets.workramp.com/vite/assets/application-BbsfXWZv.js

rel=modulepreload as=script nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

cb0febb8-dee2-4b43-bd5c-cb495ab1f020

X-Ua-Compatible

Other

IE=edge

date: Tue, 24 Feb 2026 10:06:28 GMT
link: <https://assets.workramp.com/assets/application-3dea9abd28aad3a235bff87f30a3da75ec1498bf795993e52e5d450ca8bd4b20.css>; rel=preload; as=style; nopush,<https://assets.workramp.com/assets/i18n/translations-00411f261054500ff6e8f35f36abbc231782d863860b4adc5a142dd017236f35.js>; rel=preload; as=script; nopush,<https://assets.workramp.com/vite/assets/application-BbsfXWZv.js>; rel=modulepreload; as=script; nopush
x-permitted-cross-domain-policies: none
x-request-id: cb0febb8-dee2-4b43-bd5c-cb495ab1f020
x-ua-compatible: IE=edge

Recommendations

Enable compression (gzip/brotli) to improve performance