HTTP Headers Analysis for https://support.aha.io

Open Cached · just now

21 Headers

Detected Technologies from Headers

See all in URL Inspect 2

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), payment=()

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"44f18defb0cc74285ae6a90ca0392575"

Expires

Caching

Fri, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-store
etag: W/"44f18defb0cc74285ae6a90ca0392575"
expires: Fri, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Server

openresty

X-Runtime

Server

1.299879

server: openresty
x-runtime: 1.299879

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _aha_t=7638910867111173631; domain=aha.io; path=/; expires=Fri, 12 May 2028 07:55:34 GMT; secure; SameSite=Lax
_aha_app_2=NIou8qnZ1Z4faJ2adPPzyO7lmjgci%2F3GuA84MPa0CGI%2BO5nMnvAd8uxZVOelRXPbYo1nNVr0TbTmVKGqVkaSOe8Qw%2FdjMvEiPvRZfjzTsCrd%2Btx%2BNEK3pSREfXO0%2F4K%2B0opZg%2FB%2Bb0vcKO7gZSnKh197DNx%2F0zT9nRlBlfhucgbiA0IFzcz1mxQ9wqUbRiT31zRKkmcoMtRUQJJhnYqVfv6v6CfZ1v90xWCg6yNiBSUsYBXj7zZw1Jp%2BD0%2BxBBBnKpqoUE%2F7F%2Bd6AmDpCwjeip%2FI--tFvxkQNyv5IPn8i9--QQ8XTMyGZYESRlA8lCX6fw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Tue, 12 May 2026 07:55:35 GMT

Feature-Policy

Other

geolocation 'none'; microphone 'none'; payment 'none'

Link

Other

URL

https://cdn.aha.io/assets/knowledge_base-v2-95327d488d15e775a374e93fb1f7c879.css

rel=preload as=style nopush

URL

https://cdn.aha.io/assets/runtime-v2-a49036b025ea8b517c541677b073f5cf.js

rel=preload as=script nopush

URL

https://cdn.aha.io/assets/vendor-v2-6d3c4e1676e1675a830d5f5ae200185e.js

rel=preload as=script nopush

URL

https://cdn.aha.io/assets/knowledge_base-v2-3f7563c11ace0c35d40955cddb5e1cb0.js

rel=preload as=script nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

dd0d5645-929c-4824-9acd-d5460ec62328

date: Tue, 12 May 2026 07:55:35 GMT
feature-policy: geolocation 'none'; microphone 'none'; payment 'none'
link: <https://cdn.aha.io/assets/knowledge_base-v2-95327d488d15e775a374e93fb1f7c879.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/runtime-v2-a49036b025ea8b517c541677b073f5cf.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/vendor-v2-6d3c4e1676e1675a830d5f5ae200185e.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/knowledge_base-v2-3f7563c11ace0c35d40955cddb5e1cb0.js>; rel=preload; as=script; nopush
x-permitted-cross-domain-policies: none
x-request-id: dd0d5645-929c-4824-9acd-d5460ec62328

Recommendations

Enable compression (gzip/brotli) to improve performance