HTTP Headers Analysis for https://stackhawk.com

Detected Technologies from Headers

See all in URL Inspect 4

Cloudflare CDN

Google Fonts

jsDelivr

Sentry

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Weak

upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Basic

default-src; script-src; script-src-elem; +6 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), microphone=(), geolocation=*; +1 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Encoding, Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

Caching Headers

Age

Caching

27026

Cache-Control

Caching

max-age=86400, must-revalidate

Last-Modified

Caching

Mon, 13 Apr 2026 14:07:47 GMT

age: 27026
cache-control: max-age=86400, must-revalidate
last-modified: Mon, 13 Apr 2026 14:07:47 GMT

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Apo-Via

Other

tcache

Cf-Cache-Status

Other

HIT

Cf-Edge-Cache

Other

cache,platform=wordpress

Cf-Ray

Other

9f7c68aecb566777-ATL

Date

Other

Thu, 07 May 2026 01:21:37 GMT

Report-To

Other

Group csp-endpoint max-age: 52w

Endpoint 1 https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31

Reporting-Endpoints

Other

default-endpoint="https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31";

X-Cache

Other

X-Cache-Group

Other

normal

X-Cacheable

Other

YES:86400.000

X-Orig-Cache-Control

Other

max-age=86400, must-revalidate

X-Permitted-Cross-Domain-Policies

Other

none

alt-svc: h3=":443"; ma=86400
cf-apo-via: tcache
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 9f7c68aecb566777-ATL
date: Thu, 07 May 2026 01:21:37 GMT
report-to: {"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31"}],"include_subdomains":true}
reporting-endpoints: default-endpoint="https://o360010.ingest.sentry.io/api/5670260/security/?sentry_key=2b7b422bc27748d9a7275d097a190f31";
x-cache: HIT: 17
x-cache-group: normal
x-cacheable: YES:86400.000
x-orig-cache-control: max-age=86400, must-revalidate
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance