HTTP Headers Analysis for https://www.chromatic.com

Detected Technologies from Headers

See all in URL Inspect 29

AWS CloudFront

Chromatic

Facebook

Figma

Google AdSense

Google Analytics

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Search

Google Tag Manager

HubSpot

HubSpot Analytics

HubSpot Forms

Intercom

IP-API

jsDelivr

Mailchimp

Microsoft Clarity

Netlify

PostHog

RevenueHero

Segment

Sentry

Stripe

Usercentrics

Vector

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Good

default-src; script-src; style-src; +7 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

no-referrer,strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Age

Caching

0

Cache-Control

Caching

private,no-cache,no-store,max-age=0,must-revalidate

Etag

Caching

"t01ahivfit3tiy"

age: 0
cache-control: private,no-cache,no-store,max-age=0,must-revalidate
etag: "t01ahivfit3tiy"

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Netlify

server: Netlify

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: x-chromatic-session-id=4fadc842-a1d0-4aaa-8eda-cb6a3052e99f;HttpOnly;Secure;

Other Headers

Cache-Status

Other

"Netlify Durable"; fwd=bypass, "Netlify Edge"; fwd=miss

Date

Other

Sat, 16 May 2026 08:20:55 GMT

Netlify-Vary

Other

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Nf-Request-Id

Other

01KRQXZHY7W8P0Y726VMEGQ7KM

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

Root=1-6a0828e7-4c0f99b63f2f19132dc60c97

cache-status: "Netlify Durable"; fwd=bypass, "Netlify Edge"; fwd=miss
date: Sat, 16 May 2026 08:20:55 GMT
netlify-vary: query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc|accept-encoding,cookie=__prerender_bypass|__next_preview_data
x-dns-prefetch-control: off
x-download-options: noopen
x-nf-request-id: 01KRQXZHY7W8P0Y726VMEGQ7KM
x-permitted-cross-domain-policies: none
x-request-id: Root=1-6a0828e7-4c0f99b63f2f19132dc60c97

Recommendations

Enable compression (gzip/brotli) to improve performance