HTTP Headers Analysis for https://213.202.227.35.bc.googleusercontent.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for www.wellreceived.com, not for 213.202.227.35.bc.googleusercontent.com

Open Cached · just now

19 Headers

Detected Technologies from Headers

See all in URL Inspect 26

AOS (Animate On Scroll)

Amazon S3

Microsoft Advertising

ChatSupport

Facebook

Google AdSense

Google Analytics

Google Cloud Storage

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Hosted Libraries

Google Search

Google Static File Front End

Google Tag Manager

LinkedIn Active incidents

Microsoft Clarity

Sentry

Smartlook

Tapfiliate

TikTok

Trustpilot

unpkg

YouTube

Zapier

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; object-src; +12 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

No performance headers found

Caching Headers

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Last-Modified

Caching

Wed, 01 Apr 2026 15:36:30 GMT

expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Wed, 01 Apr 2026 15:36:30 GMT

Content Headers

Content-Type

Content

text/html;charset=utf-8

content-type: text/html;charset=utf-8

Server Headers

Server

Google Frontend

server: Google Frontend

CORS Headers

Access-Control-Allow-Headers

Cors

Origin, Content-Type, Accept

Access-Control-Allow-Methods

Cors

GET

Access-Control-Allow-Origin

Cors

https://www.wellreceived.com

access-control-allow-headers: Origin, Content-Type, Accept
access-control-allow-methods: GET
access-control-allow-origin: https://www.wellreceived.com

Cookies Headers

Set-Cookie

set-cookie: JSESSIONID=node010s3rv0nawtv2z4qrubmn9wbk38753.node0; Path=/

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Wed, 01 Apr 2026 15:36:31 GMT

Reflected-Xss

Other

Resp-Time

Other

1775057790992

Via

Other

1.1 google

X-Permitted-Cross-Domain-Policies

Other

none

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 01 Apr 2026 15:36:31 GMT
reflected-xss: 0
resp-time: 1775057790992
via: 1.1 google
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching