HTTP Headers Analysis for https://press.groupon.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, User-Agent

Caching Headers

1 headers

Cache-Control

Caching

private, max-age=0, no-cache, no-store, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Groupon

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

bm_sz=C848EC660ED1F8AA48960931BFC6C8B9~YAAQFmrcF5O1ftubAQAAlqCfAR42Lo0OKnKORdBgg5ABcEYaT7rx3iwcd51hF2s/ZPmMmLbiXdrcrwzRr9uKjJcWjtVZDyfiv5SUDp/ESm3mAu2Uaj2YeUSe9s/gOsrldUPWhilUuneKRufjj4SGm8a/RKZCm7P+WjrQ60lB/rc7UO4K2s5xGp87h2UWgS0C5Lt4bn+Q/bQtJ3CZQKgBasrT46eXZChLbNBaHlg9g9jcP2LI6dAxVZL58YyIQJ6hQum8TdbJ3K2fcq3DcLaTm3RqG5cHIknQA3MWjJr0PgSyCWsn57Om3kLAMbcpS6akpHRVxGpkt5TqH0+AxFja5kGr2yGhwgun0OrP6YcWmw==~3488048~3683892; Domain=.groupon.com; Path=/; Expires=Wed, 28 Jan 2026 02:42:44 GMT; Max-Age=14400

Other Headers

19 headers

Date

Other

Tue, 27 Jan 2026 22:42:44 GMT

Server-Timing

Other

rReq;dur=401, rCon;dur=0, rHdr;dur=402, hbi;dur=382

X-Akamai-Transformed

Other

0 - 0 -

X-Application

Other

Pull-Itier

X-B-Cookie

Other

9a2634cb-0c37-4219-a634-cb0c37621963

X-B3-Traceid

Other

94e958349b4b41fa9cad6c3bb8fee641

X-Destination

Other

tls_conveyor_pull_itier

X-Envoy-Upstream-Service-Time

Other

402

X-External-Request-Id

Other

true

X-Forwarded-Proto

Other

https

X-Mtls-Upstream-Time

Other

382

X-Original-Request-Id

Other

94e95834-9b4b-41fa-9cad-6c3bb8fee641

X-Page-Id

Other

3964f819-fae0-4299-a4f8-19fae0829935-1769553764040-TH0

X-Request-Id

Other

94e95834-9b4b-41fa-9cad-6c3bb8fee641,94e95834-9b4b-41fa-9cad-6c3bb8fee641

X-Request-Originated-From

Other

envoy-tls-side-car--ingress-https

X-Response-Served-From

Other

routing-service--public--us-central1--default--conveyor-gcp-production2

X-S-Cookie

Other

3964f819-fae0-4299-a4f8-19fae0829935

X-Signifyd-Cookie

Other

23ec63d4-d11f-46b5-ac63-d4d11f76b51d

X-Ua-Compatible

Other

IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance