HTTP Headers Analysis for https://paperlesspost.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, x-pp-could-be-logged-in,x-election-2026-03-tof-mobile-search-improvement,x-election-2026-04-tof-mw-create-full-plp-abc

accept-ranges: bytes
connection: close
vary: Accept-Encoding, x-pp-could-be-logged-in,x-election-2026-03-tof-mobile-search-improvement,x-election-2026-04-tof-mw-create-full-plp-abc

Caching Headers

Age

Caching

0

Cache-Control

Caching

no-cache

Etag

Caching

"vympda0vd490uu"

age: 0
cache-control: no-cache
etag: "vympda0vd490uu"

Content Headers

Content-Length

Content

421082

Content-Type

Content

text/html; charset=utf-8

content-length: 421082
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization

Access-Control-Allow-Methods

Cors

GET, PUT, POST, DELETE, PATCH, OPTIONS

Access-Control-Max-Age

Cors

1728000

access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-max-age: 1728000

Cookies Headers

Set-Cookie

Cookies

set-cookie: FastlyConstructor=true; SameSite=Lax; domain=.paperlesspost.com; secure;
ConstructorioID_client_id=5c47d04c-91c5-40a0-a9ff-b24f2a9081d1; max-age=31536000; SameSite=Lax; path=/; domain=.paperlesspost.com; secure;
ConstructorioID_session_id=1; max-age=31536000; SameSite=Lax; path=/; domain=.paperlesspost.com; secure;
ConstructorioID_session={"sessionId":1,"lastTime":1778065732000}; max-age=31536000; SameSite=Lax; path=/; domain=.paperlesspost.com; secure;
visitor_id=e9f337ee-83f1-4536-9064-191b7918133e; max-age=31536000; SameSite=Lax; path=/; secure;
forced_elections=; expires=Wed, 29 Apr 2026 11:08:52 GMT; SameSite=Lax; path=/; secure;
edge_experiments={"session_id":"e9f337ee-83f1-4536-9064-191b7918133e","updated_at":1778065733,"2026-04-tof-logged-out-editing-uyo":{"feature_id":1775761872,"created_at":1778065733,"variant_name":"b","variant_id":2,"is_control":0,"user_type":"session"},"2026-04-tof-logged-out-editing-flyer-free":{"feature_id":1775761840,"created_at":1778065733,"variant_name":"b","variant_id":2,"is_control":0,"user_type":"session"},"2026-04-data-rev-aa":{"feature_id":1776446627,"created_at":1778065733,"variant_name":"a","variant_id":1,"is_control":1,"user_type":"session"},"2026-Q2-unified-paygo-abc":{"feature_id":1776701251,"created_at":1778065733,"variant_name":"control2","variant_id":2,"is_control":0,"user_type":"session"},"2026-04-tof-mw-create-full-plp-abc":{"feature_id":1777573165,"created_at":1778065733,"variant_name":"b","variant_id":2,"is_control":0,"user_type":"session"}}; max-age=31536000; SameSite=Lax; path=/; secure;
country_code=US; expires=Thu, 07 May 2026 11:08:52 GMT; SameSite=Lax; domain=.paperlesspost.com; path=/; secure;

Other Headers

Date

Other

Wed, 06 May 2026 11:08:52 GMT

Server-Timing

Other

cache;desc="MISS, MISS"

X-Cache

Other

MISS, MISS

X-Cache-Hits

Other

0, 0

X-Cdn

Other

fastly

X-Served-By

Other

cache-iad-kcgs7200092-IAD, cache-iad-kcgs7200092-IAD, cache-ewr-kewr1740033-EWR

X-Timer

Other

S1778065733.667425,VS0,VE192

date: Wed, 06 May 2026 11:08:52 GMT
server-timing: cache;desc="MISS, MISS"
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-cdn: fastly
x-served-by: cache-iad-kcgs7200092-IAD, cache-iad-kcgs7200092-IAD, cache-ewr-kewr1740033-EWR
x-timer: S1778065733.667425,VS0,VE192

Recommendations

Enable compression (gzip/brotli) to improve performance