HTTP Headers Analysis for https://support.zammad.com

Detected Technologies from Headers

See all in URL Inspect 3

Nginx

Vimeo

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000

Content-Security-Policy

Basic

base-uri; default-src; font-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"37f1896e6c2e2e7d129f903ded31d029"

cache-control: no-store
etag: W/"37f1896e6c2e2e7d129f903ded31d029"

Content Headers

Content-Length

Content

2929

Content-Type

Content

text/html; charset=utf-8

content-length: 2929
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.010536

server: nginx
x-runtime: 0.010536

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _zammad_session_b926f055ca7=e93dca09de40b107e6b2bb568b74b496; path=/; secure; HttpOnly

Other Headers

Csrf-Token

Other

lLe6FnzK-mR_qz-e494kYPaHDm8PVJGkhjTmoVnK-nNyUUFa2I0spl3nhEaiIiu0Czol03n1RVVeg88EPl3JWw

Date

Other

Sat, 21 Feb 2026 05:39:36 GMT

Link

Other

URL /assets/application-92ec07d9cc3b0432019744d260480bfd1e6072cd2485e09b96d87ddcd14e3360.css

rel=preload as=style nopush

URL /assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css

rel=preload as=style nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

34476cdb-e24f-476a-b01d-b4b0dc7676e3

csrf-token: lLe6FnzK-mR_qz-e494kYPaHDm8PVJGkhjTmoVnK-nNyUUFa2I0spl3nhEaiIiu0Czol03n1RVVeg88EPl3JWw
date: Sat, 21 Feb 2026 05:39:36 GMT
link: </assets/application-92ec07d9cc3b0432019744d260480bfd1e6072cd2485e09b96d87ddcd14e3360.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
x-permitted-cross-domain-policies: none
x-request-id: 34476cdb-e24f-476a-b01d-b4b0dc7676e3

Recommendations

Enable compression (gzip/brotli) to improve performance