HTTP Headers Analysis for https://login.freshpo.com

Detected Technologies from Headers

See all in URL Inspect 2

Cloudflare CDN

Envoy

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

No caching headers found

Content Headers

Content-Type

Content

application/json

content-type: application/json

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _x_w=1; path=/; HttpOnly; secure
_helpkit_session=S0hYYUlpQnBmOXVmTytObVJZKzM4OXBaTUU3VjNHNkVPTlJRQUVlYk95Ym9EdW1CS0RrNDZsMGUyTTVpSUVQRjBEZHJ2THRJckdTWWFGcE83YjRxUFpVL01peW0xcUNHYTRER3NvN1JiUyswMG5UbkFJb0RXWXRRdTZneXpHd3ovYXdWTE9JM08wN0FKLyswMjZCZWcyeGpQcnV0aWlIb05LcTdlRk5LQjBjN3p6OTFnMmMzU0R2SVRLUCtUNnpWbGpkcW1UenJCQXhXUlhvd2x3V2o3Ukc3R0p4eU5qczdGNmk1VlhzRGwrOD0tLUsva1BEb01aU3FsbmI1VTByRXR4VXc9PQ%3D%3D--cf00a2686ca10f33e75271b513dfeb269452c996; path=/; HttpOnly; secure
__cf_bm=9BLd8cM2GzxOgsHHaMCukFhl8UNoUfGthhjzLeKIoNQ-1776218600.625897-1.0.1.1-Bu.sZM5d7ntAD_FDSgW.cbvRFow58QaHGnvyQxBJJDz7d6lyg_QvMExSLziAHVyD4Y0kTQsr6Zm4HTLZidX0U2iZsFpeHCm0GjEsBefN6HYvlxlC.eT_87wxxuOzZVuS; HttpOnly; Secure; Path=/; Domain=freshpo.com; Expires=Wed, 15 Apr 2026 02:33:20 GMT

Other Headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9ec75f8dede7e5b4-IAD

Date

Other

Wed, 15 Apr 2026 02:03:20 GMT

Nel

Other

Report-To Group nel-endpoint-freshdesk max-age: 4w

include subdomains

Report-To

Other

Group nel-endpoint-freshdesk max-age: 4w

Endpoint 1 https://nel.freshedge.net/nelreports/freshdesk

Status

Other

500 Internal Server Error

X-Envoy-Upstream-Service-Time

Other

128

X-Fw-Ratelimiting-Managed

Other

true

X-Ratelimit-Remaining

Other

999

X-Ratelimit-Total

Other

1000

X-Ratelimit-Used-Currentrequest

Other

1

X-Request-Id

Other

816f0f5d-5b8f-4df1-b3fc-55164db96fc6

X-Server-Processing-Time-Ms

Other

131

X-Trace-Id

Other

00-9ea501f8f90fc8945df40915c06787a3-6562dc6d0b29473f-00

cf-cache-status: DYNAMIC
cf-ray: 9ec75f8dede7e5b4-IAD
date: Wed, 15 Apr 2026 02:03:20 GMT
nel: { "report_to": "nel-endpoint-freshdesk", "max_age": 2592000, "include_subdomains": true}
report-to: { "group": "nel-endpoint-freshdesk", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://nel.freshedge.net/nelreports/freshdesk"}]}
status: 500 Internal Server Error
x-envoy-upstream-service-time: 128
x-fw-ratelimiting-managed: true
x-ratelimit-remaining: 999
x-ratelimit-total: 1000
x-ratelimit-used-currentrequest: 1
x-request-id: 816f0f5d-5b8f-4df1-b3fc-55164db96fc6
x-server-processing-time-ms: 131
x-trace-id: 00-9ea501f8f90fc8945df40915c06787a3-6562dc6d0b29473f-00

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching