Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; object-src; script-src; +2 more
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-694441c6f3004ce5971cbf8b409acc90' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https:; frame-ancestors 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private, no-cache, no-store, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset="utf-8"
Server Headers
1 headers
Server
Server
AtlassianEdge
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
atl.xsrf.token=4b3e91ac0dd4942806d2d9d670305962f55ceb5d; Path=/wiki; Secure; HttpOnly
Other Headers
14 headers
Atl-Confluence-Via
Other
h:cc-frontend-ssr-main.us-east-1.prod.atl-paas.net
Atl-Request-Id
Other
694441c6-f300-4ce5-971c-bf8b409acc90
Atl-Traceid
Other
694441c6f3004ce5971cbf8b409acc90
Content-Security-Policy-Report-Only
Other
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-694441c6f3004ce5971cbf8b409acc90' 'unsafe-inline' 'strict-dynamic' https:; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
Date
Other
Fri, 16 Jan 2026 09:41:38 GMT
Nel
Other
{"failure_fraction": 0.01, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
Report-To
Other
{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
Reporting-Endpoints
Other
default="https://dz8aopenkvv6s.cloudfront.net"
Server-Timing
Other
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=53,atl-edge;dur=51,atl-edge-internal;dur=13,atl-edge-upstream;dur=38,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="IAD61-P5",cdn-rid;desc="UFkxvKyNqJMEPv34O4g7xr1xoQuqzoYKiSnOfTnVEDtwV6_PrP9_Ww==",cdn-downstream-fbl;dur=57
Via
Other
1.1 9ff565339b2a1ea629d89c8a9696c2fc.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
UFkxvKyNqJMEPv34O4g7xr1xoQuqzoYKiSnOfTnVEDtwV6_PrP9_Ww==
X-Amz-Cf-Pop
Other
IAD61-P5
X-Cache
Other
Miss from cloudfront
X-Cc-Frontend-Ssr
Other
prod-east;2026-01-15_00-20_659536baf9
Recommendations
Enable compression (gzip/brotli) to improve performance