HTTP Headers Analysis for https://studio.nebius.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; img-src; +14 more

default-src 'self';script-src 'nonce-RXaSZ1WKNW+rFLJaRwNOJl6vxYUncT3EAEy6seA8JPs=' 'self' 'strict-dynamic' https://browser.sentry-cdn.com https://js.stripe.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.google-analytics.com/ https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io *.contentsquare.net app.contentsquare.com https://www.redditstatic.com https://snap.licdn.com/ https://static.ads-twitter.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hsforms.com https://*.hsforms.net analytics.tiktok.com;img-src 'self' data: https://static.nebius.com https://static.testing.nebius.com https://*.nebius.cloud https://*.githubusercontent.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.facebook.com https://connect.facebook.net https://*.hotjar.com *.contentsquare.net https://alb.reddit.com https://bat.bing.net https://bat.bing.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://t.co https://analytics.twitter.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com analytics.tiktok.com https://local.tokenfactory.nebius.com:4443;connect-src 'self' data: https://*.tokenfactory.nebius.com https://*.nebiuscloud.net https://*.nebius.cloud https://*.sentry.io https://google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.google-analytics.com https://region1.analytics.google.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://*.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.contentsquare.net *.contentsquare.com https://pixel-config.reddit.com https://www.redditstatic.com https://bat.bing.net https://bat.bing.com https://px.ads.linkedin.com https://*.hubapi.com https://*.hsforms.com https://static.hsappstatic.net analytics.tiktok.com *.tiktokw.us https://capig.stape.host https://capig.stape.pro https://gw.stape.run https://local.tokenfactory.nebius.com:4443 wss://local.tokenfactory.nebius.com:4443;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://*.hotjar.com;font-src 'self' https: data: https://fonts.gstatic.com https://*.hotjar.com;object-src 'none';base-uri 'self';frame-src 'self' https://*.js.stripe.com https://js.stripe.com/ https://hooks.stripe.com https://www.googletagmanager.com https://www.google.com https://td.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com;manifest-src 'self';media-src 'self' https://static.nebius.com https://static.testing.nebius.com https://local.tokenfactory.nebius.com:4443;worker-src 'none';form-action 'self' https://www.facebook.com;child-src https://*.hsforms.com;frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

no-store, max-age=0, must-revalidate, proxy-revalidate

Etag

Caching

W/"1221-Toc2H7H03Ky1gsiL9Jzqzz5Di5g"

Content Headers

2 headers

Content-Length

Content

4641

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

istio-envoy

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__Host-psifi.x-csrf-token=d14fd9236d6a037bdd164cc3640eaa61012d0e9d88a9b4f4d64423704d731a2cf247592d2a8ae5c170c88c40722234517403ab2d4d487254407b38f307855726%7C232b7a26bfbc8a290b0f9a067ce842486ab55d263df703f687b57b43c73f8f40; Max-Age=43560; Path=/; Expires=Wed, 04 Feb 2026 22:16:22 GMT; HttpOnly; Secure; SameSite=Lax

Other Headers

8 headers

Date

Other

Wed, 04 Feb 2026 10:10:22 GMT

Origin-Agent-Cluster

Other

?1

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Envoy-Upstream-Service-Time

Other

4

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

d66ad886-a4a3-4265-9d90-ba0eff111dce

X-Trace-Id

Other

50f786a979f9fdaa23eee815d95e3706

Recommendations

Enable compression (gzip/brotli) to improve performance