HTTP Headers Analysis for https://nasdaq.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

max-age=0, no-cache, no-store

Expires

Caching

Wed, 12 Nov 2025 07:24:49 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Language

Content

en

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Rendering-Platform

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

akaalb_ALB_Origin_AO_ARP=1763018689~op=ORIGIN_AO_ARP:ao_arp_prod|~rv=42~m=ao_arp_prod:0|~os=b723797472c25b85c2fde744408a092a~id=517524497dc3b848d4a82b9a96c15c5e; path=/; Expires=Thu, 13 Nov 2025 07:24:49 GMT; HttpOnly; Secure; SameSite=None

Other Headers

10 headers

Alb-Origin

Other

ao-arp-prod.nasdaq.com

Date

Other

Wed, 12 Nov 2025 07:24:49 GMT

Server-Timing

Other

ak_p; desc="1762932289646_389047409_1303570564_22_7085_1_4_-";dur=1

X-Akamai-Transformed

Other

9 - 0 pmb=mRUM,2

X-Rendering-Platform-Env

Other

PROD

X-Rendering-Platform-Req-Uuid

Other

3ab769d0-2c7c-44a4-8bb5-a93e5349092d

X-Rendering-Platform-Tmpl-Ts

Other

Wed, 12 Nov 2025 07:20:19.528274462 UTC

X-Rendering-Platform-Version

Other

1.0.6092911

X-Rendering-R

Other

UC

X-Rendering-Server

Other

rrp-home-app-67f896479f-zcmdt

Recommendations

Enable compression (gzip/brotli) to improve performance