HTTP Headers Analysis for https://login.paddle.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; style-src; +9 more

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()

Recommendations

• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

Caching Headers

3 headers

Age

Caching

93

Etag

Caching

W/"78e5c87b70466159f66f445eaa17cdfd"

Last-Modified

Caching

Thu, 18 Dec 2025 08:30:17 GMT

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=uS2ArWFV5DOcGv2sUkGMYUQCL4jNflwIn2IyMyp6iPM-1768828517-1.0.1.1-purxg.BrG1u1k77Ud3rwBo6AqbLrOCQUMIrzTLWeYLECSKOcGOYHqcAcozylsXgWVQKfLoxEx0C1BPnFIXCNg9xu1kmN3FuZfw3hSDc6ohU; path=/; expires=Mon, 19-Jan-26 13:45:17 GMT; domain=.paddle.com; HttpOnly; Secure; SameSite=None

Other Headers

9 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c069999db2fd6b1-IAD

Date

Other

Mon, 19 Jan 2026 13:15:17 GMT

Via

Other

1.1 0ebe6e1aeade584a38f4b98aa3f2014a.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

KLretOM_5rFX0P50PtWTiyyaupm19joA_e44lAQdh-7enjtUZ4P_jg==

X-Amz-Cf-Pop

Other

IAD61-P1

X-Amz-Server-Side-Encryption

Other

AES256

X-Cache

Other

Hit from cloudfront

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching