HTTP Headers Analysis for https://secure.aha.io

Detected Technologies from Headers

See all in URL Inspect 24

Aha!

AWS Active incidents

Amazon S3

Box

Datadog

Figma

GitHub

Google API JS Client

Google Fonts

Google Hosted Libraries

Google Search

Google Static File Front End

Google Sign-In

G Workspace

Loom

Miro

OpenResty

Recurly

Sentry Active incidents

Vimeo

Wistia

YouTube

Google Cloud

Microsoft Azure

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; worker-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), payment=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"d5b498c88ed4afa4ea45ce0b796d848d"

Expires

Caching

Fri, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-store
etag: W/"d5b498c88ed4afa4ea45ce0b796d848d"
expires: Fri, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

openresty

X-Runtime

Server

0.037074

server: openresty
x-runtime: 0.037074

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _aha_t=7638669726177510709; domain=aha.io; path=/; expires=Thu, 11 May 2028 16:19:49 GMT; secure; SameSite=Lax
_aha_app_2=VMOoSelO8dv0M2UeRSYqhI%2FyKsdPRQ94EvIDI5DN6GU7JZbvG%2BedGNJxS%2BlVn%2Fprk%2FjNQD%2FY4gr%2BR1fyqjNYfWKcV9zG%2F9RZ0Wz9wfG1iG%2F6KkXvn7xobyoxpYf2voHh3BmEc6Y60gv1WSlH7oH%2F4EpqLPtJe%2BIXxgnYR%2FdzaaY0z4zncqvJn7Vo8lYGlKhE2FxiFgYzpDsgGvG0cgXyeMOIStXq1dtndBSDq9UMUWp83CGZ6SzLyG9VwGMoifqq0rCsCZNnpIbYsM41Ky0LwHTd--NYmf4lm0LsFxWH3m--G95dpYxFs7DX8Sc3rcu5mg%3D%3D; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Mon, 11 May 2026 16:19:49 GMT

Feature-Policy

Other

geolocation 'none'; microphone 'none'; payment 'none'

Link

Other

URL

https://cdn.aha.io/assets/application_library_styles-v2-32eb5ac94007fc2e4d1eecddd98275af.css

rel=preload as=style nopush

URL

https://cdn.aha.io/assets/application-v2-57099bc7576e143c113526e8ab80aeae.css

rel=preload as=style nopush

URL

https://cdn.aha.io/assets/runtime-v2-9e6387bc6a70223526546c68e5edeae0.js

rel=preload as=script nopush

URL

https://cdn.aha.io/assets/vendor-v2-684079ac4009ba0e368b3005a19e8b75.js

rel=preload as=script nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

d82bd12d-2f8d-4a58-be16-be6b312f253f

date: Mon, 11 May 2026 16:19:49 GMT
feature-policy: geolocation 'none'; microphone 'none'; payment 'none'
link: <https://cdn.aha.io/assets/application_library_styles-v2-32eb5ac94007fc2e4d1eecddd98275af.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/application-v2-57099bc7576e143c113526e8ab80aeae.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/runtime-v2-9e6387bc6a70223526546c68e5edeae0.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/vendor-v2-684079ac4009ba0e368b3005a19e8b75.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/external_app-v2-e0102c1ee5965c7375058d14d64b9356.js>; rel=preload; as=script; nopush
x-permitted-cross-domain-policies: none
x-request-id: d82bd12d-2f8d-4a58-be16-be6b312f253f

Recommendations

Enable compression (gzip/brotli) to improve performance