HTTP Headers Analysis for https://padlet.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Language

Caching Headers

1 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

5.079161

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=MfXjhHX6DE53cHC3ZcoCABQZR5Kgn9rIs1aXiRE9.II-1768563037-1.0.1.1-i_pua8sekuLWFuBBL8BbYmUzxIwKyXCXxKlNm_Rf.ziX_LxWGMcQykbXaFXr1AbhK4oDfN5d.io0yGCsMbyw5rFPwP0ILgOZ2IlsUKxEKRVwacB_.cejmdRBlMoFUxKw; path=/; expires=Fri, 16-Jan-26 12:00:37 GMT; domain=.padlet.com; HttpOnly; Secure; SameSite=None

Other Headers

16 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9bed4807fe5ee625-IAD

Content-Security-Policy-Report-Only

Other

script-src 'self' padlet.net maps.googleapis.com apis.google.com ta-echo.padlet.com api.commandbar.com cdn.commandbar.com app.getbeamer.com challenges.cloudflare.com embed.cloudflarestream.com cdn.usefathom.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' padlet.net fonts.googleapis.com cdn.commandbar.com app.getbeamer.com 'unsafe-inline'; font-src 'self' padlet.net fonts.gstatic.com data:; report-uri https://padlet.com/csp-report;

Date

Other

Fri, 16 Jan 2026 11:30:37 GMT

Link

Other

<https://padlet.net/ui/assets/landside-xbODuir-.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush,<https://padlet.net/ui/assets/landside-BKtLm9aT.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/tailwind-B5Zet8XU.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzIcon-Dg2mQp41.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzPadletLogo-CTWHZv6G.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzOverlay-BCcFiH3u.css>; rel=preload; as=style; nopush,<https://padlet.net/ui/assets/OzInput-BWJnI1QF.css>; rel=preload; as=style; nopush,<https://padlet.net/fonts/inter/subset/inter-latin.woff2>;rel="preload";as="font";crossorigin,<https://padlet.net/fonts/inter/subset/inter-latin.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous

P3p

Other

CP="IDC DSP COR CURa ADMa OUR NOR ONL COM"

Report-To

Other

{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=EtdETzO1fqPvpa6sT7M9Kje.v4efnfNgHMmbW15YrvU-1768563037-1.0.1.1-ZzEPuZUawlA6.ovQJkuKScor__u2z.749ZAVXD_S2FlcHV4Vjq6G3Uq6MohuDGvm0U6TeI0J6GLD8Xl9uYdtXdI5PZJ6.t_V69uuzdRfAl1XhmXEvoSDbJE2AGY7123GnhilAo5WAfn9rtM5AJHjbw3oA3LC9FKWID3UoR_wCk0"}],"group":"cf-csp-endpoint","max_age":86400}

Via

Other

1.1 google

Ww-App-Version

Other

v-2601160917-a9df8-production

Ww-Box

Other

mozart-web-5dbdc9b796-bdmk7

Ww-Cat

Other

landside

Ww-Qt

Other

medium

X-Backend

Other

GKE-mozart-production

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

6838f340-806f-45bf-af21-7d6869479ed1

Recommendations

Enable compression (gzip/brotli) to improve performance