HTTP Headers Analysis for https://stats.wp.com

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Cookie

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Cookie

Caching Headers

No caching headers found

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

nginx

server: nginx

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: tk_ai=%2FR844LqrzWt1Hp0lSoPPWp1U; expires=Tue, 25 Feb 2031 01:39:06 GMT; Max-Age=157680000; path=/; domain=.wordpress.com; secure; SameSite=None
tk_ai_explat=%2FR844LqrzWt1Hp0lSoPPWp1U; expires=Tue, 25 Feb 2031 01:39:06 GMT; Max-Age=157680000; path=/; domain=.wordpress.com; secure; SameSite=None
tk_qs=_en%3Dwpcom_experiment_variation_assigned%26_ut%3Danon%26_ui%3D%252FR844LqrzWt1Hp0lSoPPWp1U%26_ts%3D1772069946968%26experiment_id%3D22477%26experiment_variation_id%3D5708%26reason%3Dset_by_anon_id; path=/; domain=.wordpress.com; secure; SameSite=Strict
explat_test_aa_weekly_lohp_2026_week_09=control; expires=Mon, 16 Mar 2026 00:00:00 GMT; Max-Age=1549254; path=/; domain=.wordpress.com; secure; SameSite=None

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Thu, 26 Feb 2026 01:39:06 GMT

Host-Header

Other

WordPress.com

Server-Timing

Other

a8c-cdn, dc;desc=dca, cache;desc=BYPASS;dur=7.0

X-Ac

Other

1.dca _dca BYPASS

X-Hacker

Other

Want root? Visit join.a8c.com/hacker and mention this header.

alt-svc: h3=":443"; ma=86400
date: Thu, 26 Feb 2026 01:39:06 GMT
host-header: WordPress.com
server-timing: a8c-cdn, dc;desc=dca, cache;desc=BYPASS;dur=7.0
x-ac: 1.dca _dca BYPASS
x-hacker: Want root?  Visit join.a8c.com/hacker and mention this header.

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching