Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=47474747; includeSubDomains; preload
Content-Security-Policy
Weak
upgrade-insecure-requests; report-uri
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Significantly strengthen CSP directives
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
4 headers
Connection
Performance
Transfer-Encoding
Content-Encoding
Performance
gzip
Transfer-Encoding
Performance
chunked
Vary
Performance
Content-Type,Accept-Encoding,User-Agent
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Expires
Caching
-1
Pragma
Caching
no-cache
Content Headers
3 headers
Content-Encoding
Content
gzip
Content-Language
Content
en-CA
Content-Type
Content
text/html;charset=UTF-8
Server Headers
1 headers
Server
Server
Server
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
lc-acbca=en_CA; Domain=.amazon.ca; Expires=Tue, 19-Jan-2027 19:53:46 GMT; Path=/
Other Headers
7 headers
Accept-Ch
Other
ect,rtt,downlink,device-memory,sec-ch-device-memory,viewport-width,sec-ch-viewport-width,dpr,sec-ch-dpr,sec-ch-ua-full-version-list,sec-ch-ua-platform,sec-ch-ua-platform-version
Accept-Ch-Lifetime
Other
86400
Alt-Svc
Other
h3=":443"; ma=93600
Content-Security-Policy-Report-Only
Other
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/
Date
Other
Mon, 19 Jan 2026 19:53:46 GMT
X-Amz-Rid
Other
VDM7NS5KG02SFRXY66TB
X-Amzn-Cdn-Id
Other
ak-0.16643717.1768852426.de9ee9c
Recommendations
No recommendations at this time