HTTP Headers Analysis for https://api.cryptoys.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

0 headers

No caching headers found

Content Headers

2 headers

Content-Length

Content

23

Content-Type

Content

application/json

Server Headers

2 headers

Server

X-Powered-By

Server

Dart with package:shelf

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

14 headers

Date

Other

Fri, 02 Jan 2026 22:52:41 GMT

Via

Other

1.1 onchain-enrichment-proxy

X-Amz-Apigw-Id

Other

WlDZAFKgCYcFcbQ=

X-Amzn-Errortype

Other

ForbiddenException

X-Amzn-Requestid

Other

1ba0ce61-338e-439a-b22f-22e0d3662ebe

X-Auth-Is-Present

Other

false

X-Auth-Is-Valid

Other

false

X-Auth-User-Details

Other

{}

X-Auth-User-Id

Other

X-Auth-User-Permissions

Other

{}

X-Correlation-Group

Other

X-Correlation-Id

Other

U7Fs4kPWTWCdg3TWIImxJw

X-Feature-Flags

Other

{"frontend::release::settings::delete-account::2023-06-21":false,"frontend::release::settings::sign-out-all-sessions::2023-06-21":false,"frontend::dev-ops::flow::active-flow-outage:2023-06-21":false,"frontend::release::settings::collect-user-country::2023-06-26":false,"frontend::release::settings::toyken-integration::2023-06-30":false,"frontend::release::settings::guardian-control-v1::2023-06-30":false,"frontend::release::onboarding::user-display-name-optional::2023-07-12":true,"frontend::release::authentication::logout-single-device-renamed::2023-07-14":true,"frontend::release::settings::edit-user-email::2023-07-19":false,"frontend::release::backpack::amazon-benefit-redemption::2023-08-24":false,"frontend::release::backpack::sort-filter::2023-10-06":true,"global::disable-virtual-currencies::2023-10-31":false,"frontend::release::backpack::amazon-benefit-redemption-announcement::2023-11-01":false,"frontend::release::data::nft-database-migration::2024-03-20":true,"frontend::release::marketplace::toyken-on-the-web::2024-04-09":false,"frontend::release::data::nft-name-field-updated::2024-05-17":true,"frontend::release::settings::collect-user-privacy-acceptance-date::2023-06-26":false,"frontend::release::settings::account-mgmt-v1::2024-06-10":true,"frontend::release::settings::toyken-activity::2024-06-13":false,"frontend::release::settings::backpack-activity::2024-06-13":false,"frontend::dev-ops::maintenance::account-mgmt::app::2024-07-09":false,"frontend::dev-ops::maintenance::account-mgmt::teleportation::2024-07-09":false,"frontend::dev-ops::maintenance::auth::app::2024-07-09":false,"frontend::dev-ops::maintenance::marketing::app::2024-07-09":false,"frontend::dev-ops::maintenance::marketplace::app::2024-07-09":true,"frontend::dev-ops::maintenance::marketplace::toyken-purchase::2024-07-09":true,"frontend::dev-ops::maintenance::playground::app::2024-07-09":false,"frontend::dev-ops::maintenance::playground::teleportation::2024-07-09":false,"frontend::dev-ops::maintenance::playground::unboxing::2024-07-09":false,"frontend::release::data::update-user-response-modified::2024-07-19":true,"frontend::release::auth::age-verification::2024-07-19":false,"frontend::release::auth::app-v1::2024-07-19":true,"frontend::release::header::balance::2024-07-24":true,"frontend::release::data::signup-login-responses-modified::2024-09-03":true,"unity::logging::has-advanced-error-logging::2024-09-25":false,"frontend::release::backpack::play-experience::2024-10-15":true,"unity::storefront::disabled::2024-09-25":false,"unity::freebee::simulate::2024-10-22":true,"unity::toyken-menu::disabled::2024-09-25":false,"unity::storefront::landingpage::2024-10-22":"release-discover-page","frontend::release::settings::child-profiles::2024-10-09":false}

X-Masquerading-Is-Active

Other

false

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology