HTTP Headers Analysis for https://vagaro.com

Detected Technologies from Headers

See all in URL Inspect 63

AWS CloudFront

Google AdSense

Chili Piper

Google Maps

Microsoft 365

Google Tag Manager

Bing

G2

Salesforce Cloud

Amplitude

Affirm

Mux

Google Translate

hCaptcha

Webflow

Statuspage

HubSpot Forms

Adyen

Google DoubleClick

Google Pay

Google Analytics

Microsoft Advertising

Google Conversion Tracking

GIPHY

Google Static File Front End

Calendly

Google API JS Client

TikTok Analytics

AzureFrontDoor

Osano

Zendesk

Microsoft ASP.NET CDN

Hygraph

Cloudflare Turnstile

LiveChat

Stripe

HubSpot Analytics

unpkg

Google Search

BootstrapCDN

Imperva

Adobe Marketo

Apple Pay

Apple ID

Facebook

Instagram

Adobe Fonts (Typekit)

Cloudflare CDNJS

TikTok

jQuery

Vimeo

ipify

HubSpot

YouTube

Microsoft Clarity

Font Awesome

Sentry

jsDelivr

Google Cloud

Microsoft Azure

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; connect-src; +2 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

private

cache-control: private

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Headers

Cors

accept, content-type

Access-Control-Allow-Methods

Cors

*

Access-Control-Allow-Origin

Cors

https://api.vagaro.com

Access-Control-Expose-Headers

Cors

Request-Context

access-control-allow-headers: accept, content-type
access-control-allow-methods: *
access-control-allow-origin: https://api.vagaro.com
access-control-expose-headers: Request-Context

Cookies Headers

Set-Cookie

Cookies

set-cookie: vPowerV2=0nin1zr3zt0oudulhvajcyqf; domain=.vagaro.com; path=/; secure; HttpOnly; SameSite=None
proximitystate_v3=%7B%22lat%22%3A%2240.6888%22%2C%22long%22%3A%22-74.0203%22%2C%22countryid%22%3A%221%22%2C%22zip%22%3A%2210004%22%2C%22city%22%3A%22New+York%22%2C%22state%22%3A%22New+York%22%2C%22stateName%22%3A%22NY%22%2C%22currencysymbol%22%3A%22%24%22%2C%22businesstypes%22%3A%22%22%2C%22service%22%3A%22%22%2C%22vagaroURL%22%3A%22%22%2C%22titleTimesTamp%22%3A%22%22%2C%22utcOffset%22%3A0%2C%22timeZoneOffSet%22%3A-5.00%2C%22isSupportDayLight%22%3Atrue%7D; domain=.vagaro.com; expires=Sat, 10-Apr-2027 15:29:31 GMT; path=/; secure
visid_incap_451694=OjenJBAmQ4Wo1inira3RgFoX2WkAAAAAQUIPAAAAAAAVikJsmGwBcTXs7nxsx1bf; expires=Sat, 10 Apr 2027 06:42:44 GMT; HttpOnly; path=/; Domain=.vagaro.com; Secure; SameSite=None
incap_ses_8217_451694=Gba6MWXw7x36FeCaiaYIclsX2WkAAAAAja9GE5TL6eNQ8p0/KF/lyw==; path=/; Domain=.vagaro.com; Secure; SameSite=None

Other Headers

Date

Other

Fri, 10 Apr 2026 15:29:31 GMT

Request-Context

Other

appId=cid-v1:54764664-9433-4dc2-9ca7-e743d604b31f

X-Cdn

Other

Imperva

X-Iinfo

Other

13-40411599-40411600 NNNY CT(12 13 0) RT(1775834971197 13) q(0 0 0 0) r(0 9) U12

X-Server-Hpvmssus03-Path

Other

Public_Web_Backend

date: Fri, 10 Apr 2026 15:29:31 GMT
request-context: appId=cid-v1:54764664-9433-4dc2-9ca7-e743d604b31f
x-cdn: Imperva
x-iinfo: 13-40411599-40411600 NNNY CT(12 13 0) RT(1775834971197 13) q(0 0 0 0) r(0 9) U12
x-server-hpvmssus03-path: Public_Web_Backend

Recommendations

Enable compression (gzip/brotli) to improve performance