DNS Gurus

HTTP Headers Analysis for https://npmjs.com

Analyzed on November 02, 2025 at 19:09 UTC

URL: https://npmjs.com | Status: 200

20 Headers
Total Found

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
connect-src; default-src; img-src; +5 more
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Strengthen CSP by removing 'unsafe-eval'
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
keep-alive
Vary
Performance
x-requested-with, x-spiferack, Accept-Encoding

Caching Headers

3 headers
Age
Caching
1165
Cache-Control
Caching
public, max-age=14400
Last-Modified
Caching
Sun, 02 Nov 2025 18:50:20 GMT

Content Headers

2 headers
Content-Length
Content
31018
Content-Type
Content
text/html

Server Headers

1 headers
Server
Server
cloudflare

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_cfuvid=T7NQUR61x.YVVeTVlLembXZXJzXtDF7UDLVopdyl_bQ-1762110589492-0.0.1.1-604800000; path=/; domain=.npmjs.com; HttpOnly; Secure; SameSite=None

Other Headers

6 headers
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
9985edb00d08fc57-IAD
Date
Other
Sun, 02 Nov 2025 19:09:49 GMT
Npm-Cost
Other
1
Npm-Remaining
Other
99
X-Content-Security-Policy
Other
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net

Recommendations

Enable compression (gzip/brotli) to improve performance

Analysis completed in 118ms