HTTP Headers Analysis for https://roadmap.stoplight.io

Detected Technologies from Headers

See all in URL Inspect 16

Amazon CloudFront

HTML Load

Adobe Fonts (Typekit)

BootstrapCDN

ClearBit

Cloudflare CDN

Cloudflare RocketLoader

Didomi

Facebook

Google Analytics

Google Conversion Tracking

Google Tag Manager

Kong

OneTrust

Segment

unpkg

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; base-uri; child-src; +10 more

default-src 'self'; base-uri optimize.google.com; child-src *.stripe.com *.wistia.com *.wistia.net *.doubleclick.net *.productboard.com *.marketo.com optimize.google.com *.hotjar.com *.figma.com *.loom.com miro.com *.mural.co *.youtube.com *.google.com; connect-src 'self' cdn.productboard.com nucleus.productboard.net *.productboard.info *.pusher.com wss://*.pusher.com wss://ws.pusherapp.com:443 wss://ws.pusherapp.com ana-api.productboard.com *.segment.io *.segment.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io api-iam.intercom.io *.intercomcdn.com api.sprig.com *.typekit.net api.mixpanel.com *.fullstory.com fullstory.com *.wistia.com *.facebook.com api.trello.com embedwistia-a.akamaihd.net heapanalytics.com *.googlesyndication.com *.google.com www.google-analytics.com *.litix.io *.clearbit.com *.mktoresp.com *.launchdarkly.com *.hotjar.com wss://*.hotjar.com *.ingest.sentry.io *.datadoghq.com *.browser-intake-datadoghq.com api-js.mixpanel.com api.amplitude.com api2.amplitude.com platformapi.metadata.io/insight directory.cookieyes.com/geoip/checker/result.php geoip.cookieyes.com/geoip/checker/result.php active.cookieyes.com/api/15c129b68a4e12b799f6926d/log cdn-cookieyes.com/client_data/15c129b68a4e12b799f6926d/ consentlog.cookieyes.com/api/v1/log log.cookieyes.com/api/v1/log *.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com productboard.zendesk.com api.iterative.ly *.leadmanagerfx.com *.6sc.co *.adnxs.com events.rm-api.com app.satismeter.com cdn.cookielaw.org *.onetrust.com *.onetrust.io *.linkedin.com api.churnkey.co api.privacy-center.org; font-src 'self' cdn.productboard.com data: use.typekit.net fonts.typekit.net *.intercomcdn.com *.wistia.com heapanalytics.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; frame-src *.stripe.com *.wistia.com *.wistia.net *.doubleclick.net *.productboard.com *.marketo.com optimize.google.com *.hotjar.com *.figma.com *.loom.com miro.com *.mural.co *.youtube.com *.google.com; img-src * data:; media-src 'self' data: blob: *.intercomcdn.com embedwistia-a.akamaihd.net *.wistia.com cdn.productboard.com nucleus.productboard.net *.zdassets.com; object-src 'none'; script-src 'strict-dynamic' 'self' cdn.productboard.com cdn.productboard.info blob: *.stripe.com use.typekit.net *.jquery.com unpkg.com/[email protected]/dist/es6-promise.min.js unpkg.com/[email protected]/fetch.js ana-api.productboard.com ana-cdn.productboard.com *.segment.com *.intercom.io *.intercomcdn.com cdn.sprig.com google-analytics.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com www.google.com optimize.google.com *.doubleclick.net cdn.heapanalytics.com heapanalytics.com cdn.mxpnl.com connect.facebook.net *.fullstory.com fullstory.com *.wistia.com *.wistia.net src.litix.io/core/2/mux.js *.hotjar.com *.ads-twitter.com *.licdn.com *.linkedin.com cdn.linkedin.oribi.io *.twitter.com d3pkntwtp2ukl5.cloudfront.net/uba.js t.unbounce.com pi.pardot.com *.clearbit.com clearbitjs.com *.marketo.net *.marketo.com *.productboard.com *.productboard.info ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js platformapi.metadata.io/insight *.zdassets.com *.6sc.co sdk.privacy-center.org 'sha256-1xtiB6mV1iIKZ5iz9CxA5lEnfEg8d0XEH3FL9L8NBqo=' 'sha256-JGNwU22sBNi7NDHL+wqlwIkC2JuuTqj3HSN50ociTRE=' 'sha256-aOTKS02cS1DYFDvnu05wssg6XS9PRp/dixdxdVh7ioI=' 'sha256-b9Ie95nOvwhEe9Hi9+dwQCZpCP7ZywQsClRCch8DMSw=' 'sha256-Jb0wOdCesDXxdafb67AmmRPkiiHRSjffdBYCqWytm/k=' 'sha256-wQru5sxHShlWpxT/nwecizNBThR4K8PhqVyc2mlJm7M=' 'sha256-1PNzWOuCr8g+upenwNprAOn3WZVu0HWomIWLsWX+rLg=' 'sha256-ZOa8X2G5qWRs9CiZ5FwQHOad+GnOtYuzGbe3Dt+OL/Q=' 'sha256-i9zis99gljeSD8jnXB7X1lGn51dh7FicTdU03wURvbE=' 'sha256-AAIyCeNkVoMxZQ/5yfTz/BG5v3Ib8KAmuVoTp+Q7psw=' 'sha256-a5kmznv6Sbv8b6fgtyyendMenyUkmGCFnqtvBufglCU=' 'sha256-7zBOkhS2vzHAGaz4pZ7r/FtCmEQ5bNIdVD/yOUnpgnM=' 'sha256-yhgBXYVXKRAhO8Vrs6nLnyx65xWIhNfJvDZuVpNDJbc=' 'sha256-wtAC4tcF3bmes4SrLnCIrvVVUhmyOlnIJAiZGqRWpbg=' 'sha256-9BQpJeeygWRbL7KAwJe4fSWvTuoLqh44ZNMdnD4PHro=' 'sha256-Tai0i/czjnslnZ2EDknVR5V9so039TbnC8mOBg+MmAU=' 'sha256-vK0+VSmPSv66WlmxQYMr/nW0KaajgkHdOnI8gB6soPA=' 'sha256-ajy9PYUtpzQkoj8ZgAmYVLwn8Qo71bhmx/YND44uy2w=' 'sha256-oagjFrRKVmNSOzTEo+ojTMeuFF7QrrKYHe3aVKBtFCo=' 'nonce-1KhoyDlc8zvl0v+za2hkDxm0+1sFP23bVgh/Rkxe7f0='; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.typekit.net p.typekit.net cdn.productboard.com cdn.productboard.info heapanalytics.com maxcdn.bootstrapcdn.com *.marketo.com info.productboard.com optimize.google.com assets.churnkey.co; worker-src 'self' blob:; report-uri /csp_report

X-Frame-Options

Present

ALLOWALL

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

0.066640

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=sE9VsNy51UgA1mC_rfnwNp4ws9Cr3nrtO53YvlQ68kQ-1771045671.7708526-1.0.1.1-6_jBm7HvqT62rBnRcsVjtOEwa4fS4ovN8ISOn4mQNeA; HttpOnly; SameSite=None; Secure; Path=/; Domain=roadmap.stoplight.io

Other Headers

13 headers

Cf-Apo-Via

Other

origin,host

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9cda0b588aa33aee-IAD

Date

Other

Sat, 14 Feb 2026 05:07:51 GMT

Server-Timing

Other

cfEdge;dur=13,cfOrigin;dur=127

Via

Other

1.1 kong/3.9.1

X-Download-Options

Other

noopen

X-Kong-Proxy-Latency

Other

0

X-Kong-Request-Id

Other

dcdc246d69099a26fc7d636323d67704

X-Kong-Upstream-Latency

Other

79

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

ae84e540-eac0-4b38-9c5d-cfece2e403af

X-Robots-Tag

Other

index, follow

Recommendations

Enable compression (gzip/brotli) to improve performance