HTTP Headers Analysis for https://8crafty.com

Detected Technologies from Headers

See all in URL Inspect 1

Nginx

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains; preload

Content-Security-Policy

Basic

base-uri; script-src; object-src Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

geolocation=(), midi=(), sync-xhr=(); +6 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-store, no-cache, must-revalidate

Expires

Caching

Thu, 19 Nov 1981 08:52:00 GMT

Pragma

Caching

no-cache

cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

nginx

server: nginx

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: web_csrf_8crafty_com_cookie=5324a3671a3b412330138da15c1f7ac4; expires=Tue, 16-Jun-2026 12:43:25 GMT; Max-Age=7200; path=/; domain=8crafty.com
8crafty.com_session=86mns58kiacup1p0kkmkfffaajanc0ds; expires=Tue, 16-Jun-2026 12:43:25 GMT; Max-Age=7200; path=/; domain=8crafty.com; HttpOnly
web_web_crafty_lang=bg; expires=Wed, 16-Jun-2027 10:43:25 GMT; Max-Age=31536000; path=/; domain=8crafty.com; secure

Other Headers

Date

Other

Tue, 16 Jun 2026 10:43:25 GMT

Public-Key-Pins

Other

pin-sha256="OhC5XGbgKQJgXN0jQRM6WopnpzbnsedtMoFO5k7NGZ="; max-age=120; includeSubDomains; report-uri="https://reports.8crafty.com/data/"

X-Permitted-Cross-Domain-Policies

Other

master-only

date: Tue, 16 Jun 2026 10:43:25 GMT
public-key-pins: pin-sha256="OhC5XGbgKQJgXN0jQRM6WopnpzbnsedtMoFO5k7NGZ="; max-age=120; includeSubDomains; report-uri="https://reports.8crafty.com/data/"
x-permitted-cross-domain-policies: master-only

Recommendations

Enable compression (gzip/brotli) to improve performance