HTTP Headers Analysis for https://www.webflow.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Age

Caching

21874

Last-Modified

Caching

Fri, 16 Jan 2026 22:43:41 GMT

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=QCCqjjKs5.e7orgHKf4S__JYwA7RInuwTgAVy2WFQ4U-1768625295617-0.0.1.1-604800000; path=/; domain=.webflowmarketingmain.com; HttpOnly; Secure; SameSite=None

Other Headers

10 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9bf338216cce2c11-IAD

Content-Security-Policy-Report-Only

Other

frame-ancestors 'self' https://*.webflow.com https://webflow.com https://app.intellimize.com; connect-src 'self' https://webflow.com https://*.webflow.com https://browser-intake-datadoghq.com https://api.sprig.com https://api.knock.app https://api.goentri.com https://prodregistryv2.org https://grsm.io https://partnerlinks.io https://app.clearbit.com https://cloudflare-dns.com https://collector-pxtg2vkiqj.px-cloud.net https://collector-pxtg2vkiqj.px-cdn.net https://collector-pxtg2vkiqj.pxchk.net https://050-lkc-745.mktoutil.com https://px.ads.linkedin.com https://pixel-config.reddit.com https://www.facebook.com https://www.googleservices.com https://*.google.com wss://api.knock.app https://*.doubleclick.net https://beyondwickedmapping.org https://api.claydar.com https://sockr.birdie.so https://cdn.birdie.so https://c.6sc.co https://ipv6.6sc.co https://050-lkc-745.mktoresp.com https://featureassets.org https://api.segment.io https://*.amazonaws.com https://telemetry.us.transcend.io https://transcend-cdn.com wss://sockr.birdie.so https://d3e54v103j8qbb.cloudfront.net https://statsigapi.net https://sevendata.fun https://cf.birdie.so wss://sock.birdie.so https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://embed-cloudfront.wistia.com https://app.qualified.com https://tzm.px-cloud.net https://cdn.dreamdata.cloud https://*.clarity.com https://bat.bing.net https://bat.bing.com wss://ws7.qualified.com; report-uri https://webflow.report-uri.com/r/t/csp/reportOnly

Date

Other

Sat, 17 Jan 2026 04:48:15 GMT

Link

Other

<https://cdn.prod.website-files.com>; rel=preconnect; crossorigin, <https://cdn.intellimize.co>; rel=preconnect; crossorigin

Surrogate-Control

Other

max-age=432000

Surrogate-Key

Other

webflowmarketingmain.com 686294e263eb7e215bd232f7 pageId:686294e363eb7e215bd2334b 688206b7763f45053f5fd3fe 6882041de62598599997d514

X-Cache-Status

Other

MISS

X-Lambda-Id

Other

94e2bb8d-4d26-47e0-a8b7-388328dca703

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching