HTTP Headers Analysis for https://www.bestpractices.dev

Detected Technologies from Headers

See all in URL Inspect 5

GitHub

Gravatar

Fastly

Heroku

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Strong

default-src; base-uri; form-action; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

fullscreen=(), geolocation=(), midi=(); +10 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-store

Etag

Caching

W/"d33c25afc20de098f13b3d570361b217"

cache-control: private, no-store
etag: W/"d33c25afc20de098f13b3d570361b217"

Content Headers

Content-Length

Content

20267

Content-Type

Content

text/html; charset=utf-8

content-length: 20267
content-type: text/html; charset=utf-8

Server Headers

Server

Heroku

X-Runtime

Server

0.003798

server: Heroku
x-runtime: 0.003798

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _BadgeApp_session=xKxyX5UVA1IobaFKViuDNszmhMfOY2VCkfRtV8eLP%2BIk1DgmBCvetrUQDuV%2BIGsioykNer9LvrzFmAJ596tKM4GM8NqWOd1%2BvsaNP4Z%2F9WATUpOQFfjvke9Wlkps9i7vuIiq1gj6pIT6Nfgtv8hKO6ICKrji84UAKzIZxE78xxXaCxboNkSX8GvzcEyzySRujl4Vyc3MMJ62r0P0sXJkcIBOt%2BHOM2leqLnaRoI2m%2F4T3gxX7DFkZb6W%2BS9h2%2FTZsscLX40UOfYE9lwiJZ4FRcboZmEge4IFag%3D%3D--EVi5XHqjEVBGxyEx--zo%2BEaNtZ3jnqStZGgbH99A%3D%3D; path=/; secure; httponly; samesite=lax

Other Headers

Date

Other

Sat, 25 Apr 2026 19:05:02 GMT

Feature-Policy

Other

fullscreen 'none'; geolocation 'none'; midi 'none';notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none';camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none';vibrate 'none'; payment 'none'

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=SbPq0zWQCpJ2aVCuIdzsp8I7NDDiK1fWDAKIs0sLDCs%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1777143902

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=SbPq0zWQCpJ2aVCuIdzsp8I7NDDiK1fWDAKIs0sLDCs%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1777143902"

Via

Other

1.1 heroku-router, 1.1 varnish

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

87f2dd26-dad5-ad4c-f651-6526bb268346

X-Served-By

Other

cache-iad-kcgs7200042-IAD

X-Timer

Other

S1777143903.766179,VS0,VE20

date: Sat, 25 Apr 2026 19:05:02 GMT
feature-policy: fullscreen 'none'; geolocation 'none'; midi 'none';notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none';camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none';vibrate 'none'; payment 'none'
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SbPq0zWQCpJ2aVCuIdzsp8I7NDDiK1fWDAKIs0sLDCs%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1777143902"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=SbPq0zWQCpJ2aVCuIdzsp8I7NDDiK1fWDAKIs0sLDCs%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1777143902"
via: 1.1 heroku-router, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 87f2dd26-dad5-ad4c-f651-6526bb268346
x-served-by: cache-iad-kcgs7200042-IAD
x-timer: S1777143903.766179,VS0,VE20

Recommendations

Enable compression (gzip/brotli) to improve performance