HTTP Headers for salesforce.com

Responds with HTTP 200 OK — 4 of 6 security headers present.

Domain to Check

200 OKhttps://www.salesforce.com/

Security Headers4/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (25)

ak-uuid0.8ec83017.1777045480.182c4356

cache-controlprivate, must-revalidate, max-age=300

connectionclose

content-encodinggzip

content-length51999

content-typetext/html; charset=utf-8

dateFri, 24 Apr 2026 15:44:40 GMT

etagW/"8bbdb-aTyf0pcOOuURX8PwXE8WbxW8w9g"

expiresFri, 24 Apr 2026 15:49:40 GMT

origin-agent-cluster?1

referrer-policystrict-origin-when-cross-origin

server-timingak_p; desc="1777045480691_389073038_405554006_50_32876_1_6_-";dur=1

set-cookiebm_sz=A7C3AA6296F3A875B8D84EEC854AF43A~YAAQjsgwFyhV4bmdAQAAICUqwB94JRUqnyaCiHnm8m1/2FeRf2hgppWsFS8VD5s9nTMdzoMON9dOb366fw0cGqclgh2Wx5rRbRc8ouyMvlMonwrlUfWE2BeS1Q8vUMUsYq8+Q/euEsJH0CGN9hVuJWLSzx78XtvUVb0PA54y+2S+///v6IJApzk54P7jKeHJLO4xwtSC8+W6BGdSCOBlvpvnkJKQpbfRYUdLhrHnYFqVSholkYCtj9VfdM+6OwfcUchZUbxD7om5jCvsU+NN3awpUaI7wGcgfpm31UGpaNocTvY7TSWH1nG5PcqVpQMaMF9xrZ8j0KK3bfc0TqA2lxIrHNPDn2/R1UbWDyiGGk/iBg==~3425586~3486789; Domain=.salesforce.com; Path=/; Expires=Fri, 24 Apr 2026 19:44:40 GMT; Max-Age=14400

strict-transport-securitymax-age=86400

varyAccept-Encoding

x-content-type-optionsnosniff

x-dns-prefetch-controlon

x-download-optionsnoopen

x-frame-optionsSAMEORIGIN

x-permitted-cross-domain-policiesmaster-only

x-sfdc-agent-cohort-apply-experimentfalse

x-sfdc-agent-cohort-decisionagentforce

x-sfdc-agent-cohort-sourceheader-fallback

x-sfdc-page-render-typenunjuckspbc

x-xss-protection0

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→