HTTP Headers Analysis for https://www.getonnit.com

Detected Technologies from Headers

See all in URL Inspect 3

Cloudflare NEL Monitoring

Cloudflare CDN

Shopify

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=7889238

Content-Security-Policy

Weak

block-all-mixed-content; frame-ancestors; upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Etag

Caching

W/"page_cache:91029012770:IndexController:f057b32d6abb794cc767205b2e51c51e"

etag: W/"page_cache:91029012770:IndexController:f057b32d6abb794cc767205b2e51c51e"

Content Headers

Content-Language

Content

en-US

Content-Type

Content

text/html; charset=utf-8

content-language: en-US
content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: localization=US; path=/; expires=Wed, 16 Jun 2027 14:45:09 GMT
cart_currency=USD; path=/; expires=Tue, 30 Jun 2026 14:45:09 GMT
_shopify_y=3340cd0a-079c-4310-91cc-11f344a2cc6e; domain=onnit.com; path=/; expires=Wed, 16 Jun 2027 20:45:09 GMT; SameSite=Lax
_shopify_s=5dc468ef-81d2-4a4b-83c9-682269d36e6b; domain=onnit.com; path=/; expires=Tue, 16 Jun 2026 15:15:09 GMT; SameSite=Lax
_shopify_essential=:AZ7Q5LNsAAEARkDSji3w63qLHeFkpOZ3BMOID8eAlkvrSV1ivxdUa7xSTQCuyU63vW_fHArhYT4apAzBTYLNqHoVSyaNs9c39aWTmBhp1qfnRQTyZNh2BGB_SV0lMVtpqY7CPPi_pFQ--YY21wk_HCK0vGr_S00QLusE42xjT629uhnZ5oOWe1qwKKlXiUWIokPiYLLHWdwPAKJ_kt_9NdiC7DxzzrH_VNbF2Dhs47LuY5djTBXIWtfz1FO8LZ1oiQmJidNqwLTOKaJWb0Rbs2_Lm8uxoErZ6XZ_LMmJpRxTpbjBKDif_EyTSHsWQf93xdY1AQM-8hlUJaaBp2Sbab6ogwwto_VHzpvXrQ6KmGskAUTAjBFJ9yVbSSbaqthH8vt01eQQ5wjY5hdUzMBErGOtintxX4kQLw4yCFXMWJZr7NwNt4BDneKg4crm6KuCkg:; Max-Age=31536000; Path=/; HttpOnly; Secure; Priority=High; SameSite=Lax
_shopify_analytics=:AZ7Q5LOMAAEA12Ws5Qu8S-GvtzFtmnJCK4Ui1HEJCATmhZCKCTtrK-bwLkNunLYyhKb538qLfACbHZ6PO9gEuOO868l2zryhVKqjUQEkjp3BXCRChfmld2NKZf_LcNXf7dcMKs-f5xHgevUk:; Max-Age=31536000; Path=/; HttpOnly; Secure; Priority=High; SameSite=Lax
_shopify_marketing=:AZ7Q5LONAAEAaJLZRla_weagutajox6Aa15uT_0aXaVmuf_e_L78gA0THVeaivTO-xwopnijN1BAKxbNnSXFjOeGId5WJc1fjw3mB65C1b0uCAUicb4FisIqJP3YuxkM4wy4:; Max-Age=31536000; Path=/; HttpOnly; Secure; Priority=High; SameSite=Lax

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

a0ca98be7c69b964-IAD

Date

Other

Tue, 16 Jun 2026 14:45:09 GMT

Link

Other

URL

https://cdn.shopify.com

rel=preconnect

URL

https://cdn.shopify.com

rel=preconnect crossorigin

Nel

Other

Report-To Group cf-nel max-age: 1w

success: 1.0%

Powered-By

Other

Shopify

Report-To

Other

Group cf-nel max-age: 1w

Endpoint 1 https://a.nel.cloudflare.com/report/v4?s=EgywFcGU5ZhUerb%2FP6MCEfM4kcmZ8RqxbRyP%2BCC2YZM9b0Cljf2I8pyMoERz0W2g31QkYoddtBhR0QrVsH96l%2FP%2Bz6qz2N%2FAKkPjR9DKbKxwqD2gwqjwXQ5tgysy79Q%3D

Server-Timing

Other

processing;dur=61;desc="gc:3", db;dur=19, asn;desc="60068", edge;desc="IAD", country;desc="US", theme;desc="188129083682", pageType;desc="index", servedBy;desc="f7d8", requestID;desc="94485f73-a82a-4ee3-abeb-faf70e0fba26-1781621109", _y;desc="3340cd0a-079c-4310-91cc-11f344a2cc6e", _s;desc="5dc468ef-81d2-4a4b-83c9-682269d36e6b", _cmp;desc="3.AMPS_USVA_f_f_qAaZs67MR2iPBYDXvRBQuQ", compressionLevel;desc="5"

Shopify-Complexity-Score

Other

520

Shopify-Complexity-Score-V2

Other

52

X-Dc

Other

gcp-us-east1,gcp-us-east1,gcp-us-east1

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

94485f73-a82a-4ee3-abeb-faf70e0fba26-1781621109

X-Shopify-Perf-Experiments

Other

f_liquid_vm_bytecode_optimizations_v2/v4

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: a0ca98be7c69b964-IAD
date: Tue, 16 Jun 2026 14:45:09 GMT
link: <https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
powered-by: Shopify
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=EgywFcGU5ZhUerb%2FP6MCEfM4kcmZ8RqxbRyP%2BCC2YZM9b0Cljf2I8pyMoERz0W2g31QkYoddtBhR0QrVsH96l%2FP%2Bz6qz2N%2FAKkPjR9DKbKxwqD2gwqjwXQ5tgysy79Q%3D"}]}
server-timing: processing;dur=61;desc="gc:3", db;dur=19, asn;desc="60068", edge;desc="IAD", country;desc="US", theme;desc="188129083682", pageType;desc="index", servedBy;desc="f7d8", requestID;desc="94485f73-a82a-4ee3-abeb-faf70e0fba26-1781621109", _y;desc="3340cd0a-079c-4310-91cc-11f344a2cc6e", _s;desc="5dc468ef-81d2-4a4b-83c9-682269d36e6b", _cmp;desc="3.AMPS_USVA_f_f_qAaZs67MR2iPBYDXvRBQuQ", compressionLevel;desc="5"
shopify-complexity-score: 520
shopify-complexity-score-v2: 52
x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 94485f73-a82a-4ee3-abeb-faf70e0fba26-1781621109
x-shopify-perf-experiments: f_liquid_vm_bytecode_optimizations_v2/v4

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching