HTTP Headers Analysis for https://magefan.com

Detected Technologies from Headers

See all in URL Inspect 29

Adobe Target

PayPal

Adobe Audience Manager

Adobe Dynamic Tag Management

Adobe Experience Cloud

BootstrapCDN

Braintree

Bunny Fonts

Font Awesome

Google AdSense

Google Analytics

Google API JS Client

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Pay

Google reCAPTCHA

Google Search

Google Static File Front End

Google Sign-In

Google Tag Manager

New Relic

Nginx

Shopify

Stape

Vimeo

YouTube

Zendesk

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; always

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Basic

font-src; form-action; frame-ancestors; +11 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding, Accept-Encoding

Caching Headers

Cache-Control

Caching

no-store, no-cache, must-revalidate, max-age=0

Expires

Caching

-1

Pragma

Caching

no-cache

cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: -1
pragma: no-cache

Content Headers

Content-Length

Content

174169

Content-Type

Content

text/html; charset=UTF-8

content-length: 174169
content-type: text/html; charset=UTF-8

Server Headers

Server

nginx

server: nginx

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Fri, 10 Apr 2026 02:09:04 GMT

X-Magento-Country-Code

Other

US

X-Magento-Vary

Other

5b4b40b8e41422a330ae393e7fb10788e235eff238e1954cda37f67f94bbb9cb

X-Magento-Vary-Log

Other

5b4b40b8e41422a330ae393e7fb10788e235eff238e1954cda37f67f94bbb9cb

alt-svc: h3=":443"; ma=86400
date: Fri, 10 Apr 2026 02:09:04 GMT
x-magento-country-code: US
x-magento-vary: 5b4b40b8e41422a330ae393e7fb10788e235eff238e1954cda37f67f94bbb9cb
x-magento-vary-log: 5b4b40b8e41422a330ae393e7fb10788e235eff238e1954cda37f67f94bbb9cb

Recommendations

Enable compression (gzip/brotli) to improve performance