HTTP Headers Analysis for https://login.engineyard.com

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"a4ad370a0dc914b2c1b372f162d5f3c6"

cache-control: max-age=0, private, must-revalidate
etag: W/"a4ad370a0dc914b2c1b372f162d5f3c6"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.006585

server: nginx
x-runtime: 0.006585

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=I27b8Jf0xvZkEfbhHgIu3F0Mr5LCpl6ZeRgNWtulze7o+3qyvajEWkQ8bSCiT+9w+DlqkCxCaJRWwpDXREXJmkQ+ipDeI15W++0z13Hd8JohzOOvTr/lc8xNLual; Expires=Tue, 03 Mar 2026 03:39:42 GMT; Path=/
AWSALBCORS=I27b8Jf0xvZkEfbhHgIu3F0Mr5LCpl6ZeRgNWtulze7o+3qyvajEWkQ8bSCiT+9w+DlqkCxCaJRWwpDXREXJmkQ+ipDeI15W++0z13Hd8JohzOOvTr/lc8xNLual; Expires=Tue, 03 Mar 2026 03:39:42 GMT; Path=/; SameSite=None; Secure
eylocale=en; domain=.engineyard.com; path=/; expires=Fri, 06 Mar 2026 03:39:42 -0000; secure
_sso_anon_session=VnRZQTdlT2RyaUFMekI5WTYrRStvdWZmeVFTbTR2N3pGMWV1ekcvSE16YnM5RGh0NUt3eFZQelVWYkhBZmFUUHM4dit1SWRkMFBDVm5VMVBwM0JlT0s1aHIxVVArNXd6bUhFaUhFNk5UNFlKYVkwaGc4a3lkRUJ6d3ZpOXpTS0tTRnRUcjFRUy9FU3hCOUpNNDlhcU54SkgvRFZ4SlBIeTNyR0VnR0xPTFZxNm13S21Td2ZrSWNqeG16TXU2TGdELS15YW1wc1NGclNiYmVhRzZrR05kQ05nPT0%3D--c2e9fc399195c908decf3c119ec4c6a1f09d75f8; path=/; expires=Tue, 03 Mar 2026 03:39:42 -0000; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Tue, 24 Feb 2026 03:39:42 GMT

Status

Other

200 OK

X-Request-Id

Other

1f031e64-c711-44d0-8108-6a1c5400fb05

date: Tue, 24 Feb 2026 03:39:42 GMT
status: 200 OK
x-request-id: 1f031e64-c711-44d0-8108-6a1c5400fb05

Recommendations

Enable compression (gzip/brotli) to improve performance