HTTP Headers Analysis for https://staging.cms.exercise.com

Detected Technologies from Headers

See all in URL Inspect 3

Cloudflare NEL Monitoring

Cloudflare CDN

Kinsta

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

No caching headers found

Content Headers

Content-Type

Content

application/json; charset=UTF-8

content-type: application/json; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type

Access-Control-Allow-Methods

Cors

GET

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

X-WP-Total, X-WP-TotalPages, Link

access-control-allow-credentials: true
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link

Cookies Headers

Set-Cookie

Cookies

set-cookie: wordpress_google_apps_login=b005cd07f0a2f9d6f60b044d031589ff; path=/; secure; HttpOnly
__cf_bm=QnACUI32V8SdGtQJ.WBRiYZ_SvP.1QZsXM8tvAf3CyE-1778565291-1.0.1.1-8LJ3Lwi4U1AuXxKQmX4fn.VQPPdy878pc3YN90V6yMEO8ClwKpyZXk.yH1V7JXHqD5MZKderBbqlkTZcDZbBIWZ4XGyifZkqNduryL5KiGc; path=/; expires=Tue, 12-May-26 06:24:51 GMT; domain=.staging.cms.exercise.com; HttpOnly; Secure; SameSite=None

Other Headers

Allow

Other

GET

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9fa72bc5bc2805e1-IAD

Date

Other

Tue, 12 May 2026 05:54:51 GMT

Ki-Cache-Type

Other

None

Ki-Cf-Cache-Status

Other

BYPASS

Ki-Edge

Other

v=27.1.1;mv=99.9.9

Ki-Origin

Other

g1p

Link

Other

URL https://staging.cms.exercise.com/

rel=alternate type=text/html

Nel

Other

Report-To Group cf-nel max-age: 1w

success: 1.0%

Report-To

Other

Group cf-nel max-age: 1w

Endpoint 1 https://a.nel.cloudflare.com/report/v4?s=%2FIiPGgdEkMzOLsP%2B3ziJTy3g%2F%2BG0iSN5Yy3uMaQWbr4kJY8AUnDeiNslbVRhW7oewUGT5rPmK3SiSAKCs%2BNNMAy5E5srCc5KxJpQjtnRcSvaDMsidlEQ8321qRCFhk9hy1esb%2BsRQeBdow%3D%3D

X-Edge-Location-Klb

Other

1

X-Kinsta-Cache

Other

EXPIRED

X-Robots-Tag

Other

noindex

allow: GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9fa72bc5bc2805e1-IAD
date: Tue, 12 May 2026 05:54:51 GMT
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=27.1.1;mv=99.9.9
ki-origin: g1p
link: <https://staging.cms.exercise.com/>; rel="alternate"; type=text/html
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FIiPGgdEkMzOLsP%2B3ziJTy3g%2F%2BG0iSN5Yy3uMaQWbr4kJY8AUnDeiNslbVRhW7oewUGT5rPmK3SiSAKCs%2BNNMAy5E5srCc5KxJpQjtnRcSvaDMsidlEQ8321qRCFhk9hy1esb%2BsRQeBdow%3D%3D"}],"group":"cf-nel","max_age":604800}
x-edge-location-klb: 1
x-kinsta-cache: EXPIRED
x-robots-tag: noindex

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching