Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; object-src; script-src; +2 more
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-12372db9ec124db6ad2ec7035a0cc949' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https:; frame-ancestors 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private, no-cache, no-store, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset="utf-8"
Server Headers
1 headers
Server
Server
AtlassianEdge
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
atl.xsrf.token=de85cc9c7b6cd9014ec7ff6d3e73da8a7974c168; Path=/wiki; Secure; HttpOnly
Other Headers
14 headers
Atl-Confluence-Via
Other
h:cc-frontend-ssr-main.us-east-1.prod.atl-paas.net
Atl-Request-Id
Other
12372db9-ec12-4db6-ad2e-c7035a0cc949
Atl-Traceid
Other
12372db9ec124db6ad2ec7035a0cc949
Content-Security-Policy-Report-Only
Other
base-uri 'self'; object-src 'self' blob:; script-src 'report-sample' 'nonce-12372db9ec124db6ad2ec7035a0cc949' 'unsafe-inline' 'strict-dynamic' https:; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend
Date
Other
Tue, 27 Jan 2026 06:17:58 GMT
Nel
Other
{"failure_fraction": 0.01, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
Report-To
Other
{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
Reporting-Endpoints
Other
default="https://dz8aopenkvv6s.cloudfront.net"
Server-Timing
Other
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=2,cdn-upstream-fbl;dur=82,atl-edge;dur=78,atl-edge-internal;dur=13,atl-edge-upstream;dur=64,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="IAD61-P2",cdn-rid;desc="Z9GhpMwxWw62U40rFQDMRXzVulyHZ3D_bHoZ0XE70R9uSRiFA1YhyQ==",cdn-downstream-fbl;dur=86
Via
Other
1.1 3f2e448716e86a35bb027a469c98be3c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
Z9GhpMwxWw62U40rFQDMRXzVulyHZ3D_bHoZ0XE70R9uSRiFA1YhyQ==
X-Amz-Cf-Pop
Other
IAD61-P2
X-Cache
Other
Miss from cloudfront
X-Cc-Frontend-Ssr
Other
prod-east;2026-01-21_19-29_9853446d1b
Recommendations
Enable compression (gzip/brotli) to improve performance