HTTP Headers Analysis for https://login.audi.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(self "https://e0k754.acquire.io"), microphone=(self "https://e0k754.acquire.io"), usb=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

2916

Cache-Control

Caching

public, max-age=10800, s-maxage=300, stale-while-revalidate=10800, stale-if-error=604800

Etag

Caching

"6a8b7907a58f43622438c7aaa05cff40b766717affc899bcc7c289930bc7b65b"

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

1 headers

Server

CloudFront

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

10 headers

Content-Security-Policy-Report-Only

Other

default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://my-audi-com.prod.renderer.one.audi/api/csp-report; report-to csp-endpoint

Date

Other

Thu, 22 Jan 2026 09:33:56 GMT

Reporting-Endpoints

Other

csp-endpoint="https://my-audi-com.prod.renderer.one.audi/api/csp-report"

Via

Other

1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront), 1.1 9bfafde51fc331b971140cbd2b98172e.cloudfront.net (CloudFront)

X-Age

Other

436

X-Amz-Cf-Id

Other

0yLFR3FNojuOy_KK-0bXOVaL2T5Es62tlJaIVYTTqWw-3deW3LNz_g==

X-Amz-Cf-Pop

Other

IAD55-P3

X-Amzn-Requestid

Other

00119740-8506-4d3c-82e3-b97c867e36df

X-Amzn-Trace-Id

Other

Root=1-6971ef02-08d2183b21e41b3820e9b5cc;Parent=226746d986117c4f;Sampled=0;Lineage=1:34a40f7e:0

X-Cache

Other

Hit from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance