HTTP Headers Analysis for https://path.nintex.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Origin

connection: close
vary: Origin

Caching Headers

Cache-Control

Caching

no-cache

cache-control: no-cache

Content Headers

Content-Length

Content

9

content-length: 9

Server Headers

X-Runtime

Server

0.014354

x-runtime: 0.014354

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _session_id=426a4d99139060bea322bcfc1d3f3820; path=/; expires=Thu, 07 May 2026 03:44:52 GMT; secure; HttpOnly; SameSite=None

Other Headers

Date

Other

Wed, 06 May 2026 03:44:52 GMT

Location

Other

/auth/failure?message=invalid_ticket&strategy=saml

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

0a3560eb727f574027e6688710471558

date: Wed, 06 May 2026 03:44:52 GMT
location: /auth/failure?message=invalid_ticket&strategy=saml
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 0a3560eb727f574027e6688710471558

Recommendations

Enable compression (gzip/brotli) to improve performance