HTTP Headers Analysis for https://runtime.commercecloud.com

Detected Technologies from Headers

See all in URL Inspect 7

AWS Active incidents

AWS API Gateway

AWS CloudFront

Google Cloud Storage

Pendo

Salesforce Cloud

Sentry Active incidents

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Basic

upgrade-insecure-requests; connect-src; frame-src; +11 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Etag

Caching

W/"764-z8wkiUP8KjnE5JceNs+zDmZCCuc"

etag: W/"764-z8wkiUP8KjnE5JceNs+zDmZCCuc"

Content Headers

Content-Length

Content

1892

Content-Type

Content

text/html; charset=utf-8

content-length: 1892
content-type: text/html; charset=utf-8

Server Headers

Server

CloudFront

server: CloudFront

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Mon, 11 May 2026 08:06:56 GMT

Origin-Agent-Cluster

Other

?1

Via

Other

1.1 95ad9d4dc596fb803e3114c8dbdc4b60.cloudfront.net (CloudFront)

X-Amz-Apigw-Id

Other

dMMlNHdOCYcEaaQ=

X-Amz-Cf-Id

Other

6VyVZKpE4JcnH3Ztfel_nk76L73OTB5Lt8XnPcgTsCNef-JjR0i4uw==

X-Amz-Cf-Pop

Other

IAD61-P1

X-Amzn-Remapped-Connection

Other

keep-alive

X-Amzn-Remapped-Content-Length

Other

1892

X-Amzn-Remapped-Date

Other

Mon, 11 May 2026 08:06:56 GMT

X-Amzn-Requestid

Other

ef4a5707-6ef8-4d5c-8b6b-06d2dba3e3d0

X-Amzn-Trace-Id

Other

Root=1-6a018e20-373250f26888bacd117eedbf;Parent=0ceb3ee6bea50c84;Sampled=0;Lineage=1:c18274f2:0

X-Cache

Other

Miss from cloudfront

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

alt-svc: h3=":443"; ma=86400
date: Mon, 11 May 2026 08:06:56 GMT
origin-agent-cluster: ?1
via: 1.1 95ad9d4dc596fb803e3114c8dbdc4b60.cloudfront.net (CloudFront)
x-amz-apigw-id: dMMlNHdOCYcEaaQ=
x-amz-cf-id: 6VyVZKpE4JcnH3Ztfel_nk76L73OTB5Lt8XnPcgTsCNef-JjR0i4uw==
x-amz-cf-pop: IAD61-P1
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-content-length: 1892
x-amzn-remapped-date: Mon, 11 May 2026 08:06:56 GMT
x-amzn-requestid: ef4a5707-6ef8-4d5c-8b6b-06d2dba3e3d0
x-amzn-trace-id: Root=1-6a018e20-373250f26888bacd117eedbf;Parent=0ceb3ee6bea50c84;Sampled=0;Lineage=1:c18274f2:0
x-cache: Miss from cloudfront
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching