HTTP Headers for bitbucket.org

Responds with HTTP 200 OK from AtlassianEdge — 4 of 6 security headers present.

Domain to Check

200 OKhttps://bitbucket.org/

Security Headers4/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (22)

atl-request-id5a9b27e9-7b2d-4b68-a8e8-6b07c5922d1d

atl-traceid5a9b27e97b2d4b68a8e86b07c5922d1d

cache-controlmax-age=0, s-maxage=8400, stale-while-revalidate=43200, stale-if-error=43200, no-cache="Set-Cookie"

connectionclose

content-encodinggzip

content-security-policyframe-ancestors 'none';

content-typetext/html;charset=UTF-8

dateFri, 24 Apr 2026 15:44:46 GMT

last-modifiedThu, 23 Apr 2026 22:08:02 GMT

nel{"failure_fraction": 0.01, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}

report-to{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}

serverAtlassianEdge

server-timingatl-edge;dur=21,atl-edge-internal;dur=2,atl-edge-upstream;dur=20,atl-edge-pop;desc="aws-us-east-1"

set-cookiebxp_gateway_request_id=12a40176-0160-6319-4d8d-87cfedc45f10; Max-Age=300; Domain=bitbucket.org; Path=/; Expires=Fri, 24 Apr 2026 15:49:46 GMT; Secure

strict-transport-securitymax-age=63072000; includeSubDomains; preload

transfer-encodingchunked

varyAccept-Encoding, Referer

x-content-type-optionsnosniff

x-envoy-attempt-count1

x-frame-optionsdeny

x-magnolia-registrationRegistered

x-xss-protection1; mode=block

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→