HTTP Headers Analysis for https://splithero.com

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

interest-cohort=()

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-cache, private

Etag

Caching

"84f79f0ead02af6ce1e7daaafc188d37"

cache-control: no-cache, private
etag: "84f79f0ead02af6ce1e7daaafc188d37"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Powered-By

Server

Statamic

server: nginx
x-powered-by: Statamic

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: XSRF-TOKEN=eyJpdiI6IkRvY0dmKzJMdmRKT2c3K2xObVNKUGc9PSIsInZhbHVlIjoiSHc2SUdnamlJcGZ6cXE4TUlSWnRNSUx6dU00aWNGZ25qQm9uZXh0cXoyd01ITFNOSyttRWkwY2JienlxVFE2T04wb2FxeGtzRTc3dm1XZEswUTVjc2RvckFObHNqL2JRMlZPa3diRCt1b0s1MzlpTnRwNW1rZk5LZEVMMDM5UVIiLCJtYWMiOiJjMjI2ODYzMjAwN2JhYzBhM2M0YjJkMjFiYjFiYjA1Yzg1NzBlMjgwZDM4ODg3ODU5YTdkMjUyMTk3NmZiNTY2IiwidGFnIjoiIn0%3D; expires=Tue, 07 Apr 2026 12:26:39 GMT; Max-Age=7200; path=/; secure; samesite=lax
split_hero_session=eyJpdiI6IkxyM0tyOUNEK2VOZGIvV0pROUtIQWc9PSIsInZhbHVlIjoiVUMwWW9qUFYwZXV4UEEvOEJ6MWxyS0MreWVENkVkSjNkUlA2SmN3K0c4UXI2UzhnN05XM25wZEJMKy96M2pjY05QSHVQTTVBWFlJZzgzVFV1QysyZXlnWVFaR2ZnU2VrL2ZhS2RQK2lvZ045S2U1aElCUGlubW40VU00S1ByYjciLCJtYWMiOiIwM2M4NjBmNzcwMjI4MzMzZWI2N2VjMDBkYzJlMzdmOTM2NDAyZTY5MDc3OTZmYWQ0OTY1OTg1MzU0MDM2NjhjIiwidGFnIjoiIn0%3D; expires=Tue, 07 Apr 2026 12:26:39 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax

Other Headers

Date

Other

Tue, 07 Apr 2026 10:26:39 GMT

date: Tue, 07 Apr 2026 10:26:39 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology