HTTP Headers Analysis for https://support.stoplight.io

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors; report-uri

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Origin

Caching Headers

3 headers

Cache-Control

Caching

no-cache,must-revalidate,max-age=0,no-store,private

Expires

Caching

Fri, 31 Jan 2025 20:25:52 GMT

Last-Modified

Caching

Fri, 31 Jan 2025 20:25:52 GMT

Content Headers

1 headers

Content-Type

Content

text/html;charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=x2pCoUMBwodqaRHCBQhbr0vnKvtOZSs43RXNXnNa9qc-1769891151.9044633-1.0.1.1-_ti6NvmXIccrdE2KgtXEEVusJscNyg.16d_ZOuVjgj8; HttpOnly; SameSite=None; Secure; Path=/; Domain=support.stoplight.io

Other Headers

12 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c6bf0d36f522039-IAD

Content-Security-Policy-Report-Only

Other

script-src https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev 'unsafe-inline' https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ 'self' https://payments.salesforce.com/ https://smartbear.my.site.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com blob: https://www.google.com/recaptcha/ https://js.stripe.com/ https://checkoutshopper-live.adyen.com/ import: https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://smartbear.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D700000008FQP&networkId=0DMPO00000003Vm&type=communities

Date

Other

Sat, 31 Jan 2026 20:25:52 GMT

Link

Other

</s/sfsites/auraFW/javascript/REdtNUF5ejJUNWxpdVllUjQtUzV4UTFLcUUxeUY3ZVB6dE9hR0VheDVpb2cxMy4zMzU1NDQzMi41MDMzMTY0OA/aura_prod.js>;rel=preload;as=script;nopush,</s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22REdtNUF5ejJUNWxpdVllUjQtUzV4UTFLcUUxeUY3ZVB6dE9hR0VheDVpb2cxMy4zMzU1NDQzMi41MDMzMTY0OA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%221421_mg1QpGWKsu060_sD-hU2fg%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDAzNDllbl9VUw%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22551347034%22%7D/resources.js?pu=1&pv=17697480030001118589601&rv=1769749251000>;rel=preload;as=script;nopush,</s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22serializationVersion%22%3A%221-13.33554432.50331648-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%221421_mg1QpGWKsu060_sD-hU2fg%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22551347034%22%7D/app.js?3=>;rel=preload;as=script;nopush

Report-To

Other

{"endpoints":[{"url":"https://smartbear.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D700000008FQP&networkId=0DMPO00000003Vm&type=communities"}],"max_age":31536000,"group":"sfdc-csp-ep"}

Reporting-Endpoints

Other

sfdc-csp-ep="https://smartbear.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D700000008FQP&networkId=0DMPO00000003Vm&type=communities"

Server-Timing

Other

cfEdge;dur=37,cfOrigin;dur=293

Timing-Allow-Origin

Other

*

X-Request-Id

Other

904e265480e49eaf80c3b8a1bf10f13d