Open
Cached
·
just now
30
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding, User-Agent
Caching Headers
2 headers
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Etag
Caching
"14c81j66rel7sfg"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Groupon
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
bm_sz=893B9B0CADF9EC07A3FA61D45C589A31~YAAQiM5JF0W7yembAQAAdcq3/x7gT0iew4dvlaIxmq2EEUACtrT31ScVsq15pycv8yIpi49n9h+KuJePPM5tK6tkW4SQv1PqeMlUUqEYh/WJ0R7U3+AHxTjoqQ5UFU58o+Hl5uHUbyoWDWolHWp8EqXvlAsbA0BVvaMJqPXZRHN0TEkFvrQucmNXdjjFPaVP6tincBba8QZadFM3KX8w8nwkJcJMDby8lGlK5NtfI5KimqJRCJ/5a4GDjeKtet/lqR799XN4y1bYDDg3doqiWwPJOXP3w/oCPpOm4p3yjT8iBn1DXM8r2ZjUPYNM3itL27LO5JttI2OfjFMPvZ2c8UBGyGnUt1GyX1UQxKt3lg==~3159602~3752243; Domain=.groupon.com; Path=/; Expires=Tue, 27 Jan 2026 17:49:52 GMT; Max-Age=14399
Other Headers
19 headers
Date
Other
Tue, 27 Jan 2026 13:49:53 GMT
Server-Timing
Other
rReq;dur=1032, rCon;dur=0, rHdr;dur=1032, hbi;dur=1025, mdlw;dur=101,gIP;dur=1,gSSP;dur=382,rndr;dur=517,total;dur=1012
X-Akamai-Transformed
Other
0 - 0 -
X-B-Cookie
Other
72e82543-d90a-4b87-a825-43d90a8b872c
X-B3-Traceid
Other
19ab9bd1fb4947048b5d80b62f8913a9
X-Destination
Other
tls_conveyor_next
X-Envoy-Upstream-Service-Time
Other
1033
X-External-Request-Id
Other
true
X-Forwarded-Proto
Other
https
X-Grpn-Served-By-Pod
Other
next-pwa-app--itier--default-7dcd7b78c7-vzsgs
X-Mtls-Upstream-Time
Other
1025
X-Original-Request-Id
Other
19ab9bd1-fb49-4704-8b5d-80b62f8913a9
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
19ab9bd1-fb49-4704-8b5d-80b62f8913a9,19ab9bd1-fb49-4704-8b5d-80b62f8913a9
X-Request-Originated-From
Other
envoy-tls-side-car--ingress-https
X-Response-Served-From
Other
routing-service--public--us-central1--default--conveyor-gcp-production2
X-S-Cookie
Other
e196e425-4135-4f38-96e4-2541357f3874
X-Signifyd-Cookie
Other
5e9bf0d7-3807-41e9-9bf0-d73807f1e979
X-Ua-Compatible
Other
IE=edge,chrome=1
Recommendations
Enable compression (gzip/brotli) to improve performance