HTTP Headers Analysis for https://paragraphstacker.com

Detected Technologies from Headers

See all in URL Inspect 2

Cloudflare CDN

Express

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-cache

cache-control: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

X-Powered-By

Server

Express

server: cloudflare
x-powered-by: Express

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: ab_experiment_sampled=%22true%22; Max-Age=31536000; Domain=substack.com; Path=/; Expires=Tue, 04 May 2027 01:40:59 GMT; HttpOnly; Secure; SameSite=Lax
ab_testing_id=%22a79a2775-b37c-4453-b83a-6fd21b68c515%22; Max-Age=31536000; Domain=substack.com; Path=/; Expires=Tue, 04 May 2027 01:40:59 GMT; HttpOnly; Secure; SameSite=Lax
AWSALBTG=DiKuELucKC73HXaZbCUDaZINwDd2UBqxfNvAUJ90I7cJ50gSVP2gjT7cW2C8sRW7+wy8y1xsYHCH+31y1KRpiJ9PUzksJKIujkHM9DoNBM8eW+v12o8rqPEdZtak2XLqO2CqRJlqtrTaibFi3Okg4IN/efbV575du8JrB+D79fnM; Expires=Mon, 11 May 2026 01:40:59 GMT; Path=/
AWSALBTGCORS=DiKuELucKC73HXaZbCUDaZINwDd2UBqxfNvAUJ90I7cJ50gSVP2gjT7cW2C8sRW7+wy8y1xsYHCH+31y1KRpiJ9PUzksJKIujkHM9DoNBM8eW+v12o8rqPEdZtak2XLqO2CqRJlqtrTaibFi3Okg4IN/efbV575du8JrB+D79fnM; Expires=Mon, 11 May 2026 01:40:59 GMT; Path=/; SameSite=None; Secure
cookie_storage_key=afe0688c-d7b8-4fbd-9ec2-4b8f09a74036; Max-Age=7776000; Domain=substack.com; Path=/; Expires=Sun, 02 Aug 2026 01:40:59 GMT; Secure; SameSite=None
ajs_anonymous_id=%220cfa273b-3792-41ab-915b-9f3a23543950%22; Max-Age=31536000; Domain=substack.com; Path=/; Expires=Tue, 04 May 2027 01:40:59 GMT; SameSite=Strict
visit_id=%7B%22id%22%3A%22a6479658-7b1e-49ed-bd8c-c2bbb4fa593e%22%2C%22timestamp%22%3A%222026-05-04T01%3A40%3A59.540Z%22%7D; Max-Age=1800; Domain=substack.com; Path=/; Expires=Mon, 04 May 2026 02:10:59 GMT; HttpOnly; SameSite=Strict
__cf_bm=0BHR8Gd4dit_Wmp5mXkIOWpLhuBYeco5rHWr9nQQRxI-1777858859.516466-1.0.1.1-oxPMorT4f6XmaG.GBzBmePAAlp9_Bpqg1mqHfV1zlxtgf38qP7wmwAvw8j1uaV0uHz6zwK9JwsPHzzdTKqIL3MAXb_IVYv_FzMSsKL4U9RJh3.OcCboZY8QxVGc7jwSH; HttpOnly; Secure; Path=/; Domain=substack.com; Expires=Mon, 04 May 2026 02:10:59 GMT

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f63cceffac2078c-IAD

Date

Other

Mon, 04 May 2026 01:40:59 GMT

X-Cluster

Other

substack

X-Deploy

Other

fbcbe423b0

X-Served-By

Other

Substack

X-Service

Other

web

X-Sub

Other

paragraphstacker

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9f63cceffac2078c-IAD
date: Mon, 04 May 2026 01:40:59 GMT
x-cluster: substack
x-deploy: fbcbe423b0
x-served-by: Substack
x-service: web
x-sub: paragraphstacker

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology