Open
Cached
·
just now
24
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2628000 ; includeSubDomains
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-model=("https://sdk-api-v1.singular.net"), ch-ua-platform-version=("https://sdk-api-v1.singular.net"), ch-ua-full-version-list=("https://sdk-api-v1.singular.net")
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
max-age=900
Etag
Caching
"jrp976q7vj7j0q"
Expires
Caching
Mon, 12 Jan 2026 15:24:13 GMT
Content Headers
2 headers
Content-Length
Content
818767
Content-Type
Content
text/html; charset=UTF-8
Server Headers
2 headers
Server
Server
unified-edge-router
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ni_d=5FA97F64-1114-459D-aE23-B5ACA619AE4C; expires=Thu, 11-Feb-2027 15:09:13 GMT; path=/; domain=.nike.com; secure
Other Headers
11 headers
Accept-Ch
Other
sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version-list
Akamai-Grn
Other
0.fac83017.1768230553.23740d1f
Date
Other
Mon, 12 Jan 2026 15:09:13 GMT
Server-Timing
Other
ak_p; desc="1768230553279_389073146_594808095_37_144991_2_11_-";dur=1
X-Akamai-Transformed
Other
9 - 0 pmb=mNONE,1mRUM,3
X-B3-Traceid
Other
b48d8e339535afa5f2e1aee04d0c8e99
X-Branch-Name
Other
production-2026-01-08--22-09-27
X-Build-Number
Other
1
X-Commerce-Region
Other
us-east-1
X-Commit-Sha
Other
400a9f2bc
X-Environment
Other
production
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology