HTTP Headers Analysis for https://zend.com

Open Cached · just now

25 Headers

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

Vary

Performance

Accept-Encoding, Cookie, Cookie, Cookie

Caching Headers

5 headers

Age

Caching

44817

Cache-Control

Caching

max-age=86400, public

Etag

Caching

W/"1770496516"

Expires

Caching

Sun, 19 Nov 1978 05:00:00 GMT

Last-Modified

Caching

Sat, 07 Feb 2026 20:35:16 GMT

Content Headers

3 headers

Content-Language

Content

Content-Length

Content

92734

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

10 headers

Content-Security-Policy-Report-Only

Other

default-src 'self' 846-hel-222.mktoresp.com 173-dti-322.mktoresp.com 059-alg-683.mktoresp.com js.zi-scripts.com static.addtoany.com stats.g.doubleclick.net tracking-api.g2.com play.google.com www.google.com; connect-src 'self' 846-hel-222.mktoweb.com analytics.google.com c.6sc.co ipv6.6sc.co cdn.cookielaw.org distillery.wistia.com fast.wistia.com pipedream.wistia.com geolocation.onetrust.com epsilon.6sense.com secure.adnxs.com ws.zoominfo.com px.ads.linkedin.com www.google.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net jnn-pa.googleapis.com api.simplecast.com cdn.simplecast.com givebutter.com umsafoundation.org www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com google.com stats.g.doubleclick.net js.zi-scripts.com privacyportal-eu.onetrust.com 846-hel-222.mktoresp.com app.qualified.com tracking-api.g2.com tr.capterra.com 173-dti-322.mktoresp.com embed-cloudfront.wistia.com *.clarity.ms 173-dti-322.mktoutil.com www.google.com.co; font-src 'self' www.perforce.com www.blazemeter.com www.gliffy.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io fonts.gstatic.com cdn.simplecast.com data: fast.wistia.com use.typekit.net www.gartner.com; frame-src 'self' 846-hel-222.mktoweb.com 173-dti-322.mktoresp.com 059-alg-683.mktoresp.com resources.perforce.com static.addtoany.com www.googletagmanager.com www.perforce.com www.blazemeter.com www.gliffy.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io fast.wistia.net player.simplecast.com www.youtube.com umsafoundation.org live-totalview.pantheonsite.io live-imsl.pantheonsite.io www.google.com app.qualified.com fast.wistia.com player.vimeo.com player.captivate.fm 605957.extforms.netsuite.com www.gartner.com; img-src 'self' data: b.6sc.co c.bing.com bat.bing.com *.clarity.ms cdn.cookielaw.org cdn2.hubspot.net embed-ssl.wistia.com f.hubspotusercontent00.net pic.trendemon.com px.ads.linkedin.com trackingapi.trendemon.com analytics.twitter.com cdn.bizible.com cdn.bizibly.com googleads.g.doubleclick.net t.co track.hubspot.com www.facebook.com www.gliffy.com www.google.com www.linkedin.com www.perforce.com www.blazemeter.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io umsafoundation.org live-mondrian.pantheonsite.io i.ytimg.com image.simplecastcdn.com yt3.ggpht.com fast.wistia.net googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com google.com www.google.com.tw www.google.mn fast.wistia.com www.google.co.uk www.google.com.br www.google.no fonts.gstatic.com www.google.co.in www.google.com.ec www.google.pl; manifest-src 'self' 846-hel-222.mktoresp.com 173-dti-322.mktoresp.com 059-alg-683.mktoresp.com js.zi-scripts.com static.addtoany.com stats.g.doubleclick.net tracking-api.g2.com play.google.com www.google.com www.perforce.com www.blazemeter.com www.gliffy.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io; media-src 'self' blob: app.qualified.com fast.wistia.com embed-ssl.wistia.com data: embed-fastly.wistia.com embed-cloudfront.wistia.com; object-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 846-hel-222.mktoweb.com assets.trendemon.com browser.sentry-cdn.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net j.6sc.co js.zi-scripts.com munchkin.marketo.net resources.perforce.com *.clarity.ms snap.licdn.com static.addtoany.com static.cloudflareinsights.com trackingapi.trendemon.com tracking.g2crowd.com ct.capterra.com cdn.bizible.com cdn.getmoreproof.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com connect.facebook.net static.ads-twitter.com p-js.s3.amazonaws.com player.simplecast.com widgets.givebutter.com www.google.com www.googletagmanager.com www.perforce.com www.blazemeter.com www.gliffy.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io umsafoundation.org www.youtube.com googletagmanager.com tagmanager.google.com *.googletagmanager.com www.googleadservices.com pagead2.googlesyndication.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://fast.wistia.com https://resources.perforce.com https://resources.roguewave.com https://static.addtoany.com https://unpkg.com info.perforce.com 'nonce-Oh_AeMLC5lzIIwIK0RdbUQ'; script-src-elem 'self' feedback.perforce.com js.qualified.com cdn.cookielaw.org googleads.g.doubleclick.net ct.capterra.com gist.github.com j.6sc.co munchkin.marketo.net trackingapi.trendemon.com scripts.clarity.ms js.zi-scripts.com cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://fast.wistia.com https://resources.perforce.com https://resources.roguewave.com https://static.addtoany.com https://unpkg.com info.perforce.com resources.perforce.com 'nonce-Oh_AeMLC5lzIIwIK0RdbUQ'; style-src 'self' 'report-sample' 'unsafe-inline' 846-hel-222.mktoweb.com cdnjs.cloudflare.com resources.perforce.com www.perforce.com www.blazemeter.com www.gliffy.com www.jrebel.com www.openlogic.com www.zend.com www.puppet.com www.perfecto.io fonts.googleapis.com www.youtube.com googletagmanager.com tagmanager.google.com app-ab48.marketo.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://unpkg.com; style-src-elem 'self' feedback.perforce.com resources.perforce.com www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://unpkg.com; webrtc 'block'; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://feedback.perforce.com; frame-ancestors 'self' www.perforce.com

Date

Other

Sun, 08 Feb 2026 09:02:53 GMT

Link

Other

</styles/node/1/18222/backgrounds.css>; rel="stylesheet"

Via

Other

1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish

X-Cache

Other

HIT, HIT, MISS, MISS

X-Cache-Hits

Other

6, 52, 0, 0

X-Pantheon-Styx-Hostname

Other

styx-fe4-a-7f76c9f659-mj95w

X-Served-By

Other

cache-chi-kigq8000047-CHI, cache-lga21968-LGA, cache-lga21969-LGA, cache-lga21969-LGA

X-Styx-Req-Id

Other

9a91facb-0464-11f1-822e-bae0d33b18b7

X-Timer

Other

S1770541373.127103,VS0,VE7

Recommendations

Enable compression (gzip/brotli) to improve performance