22 Headers

HTTP Security Headers

Header | Status | Value
Strict-Transport-Security | Present | max-age=63072000;includeSubdomains;preload;
Content-Security-Policy | Weak | frame-ancestors
X-Frame-Options | Excellent | DENY
X-Content-Type-Options | Good | nosniff
Referrer-Policy | Good | strict-origin-when-cross-origin
Permissions-Policy | Missing | Not configured

Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Header | Category | Value
Connection | Performance | close
Vary | Performance | Origin

Caching Headers

2 headers
Header | Category | Value
Cache-Control | Caching | max-age=0, private, must-revalidate
Etag | Caching | W/"98cc7b44c8bd70dc65e632cd31b603e0"

Content Headers

2 headers
Header | Category | Value
Content-Length | Content | 73
Content-Type | Content | application/json; charset=utf-8

Server Headers

1 header
Header | Category | Value
X-Runtime | Server | 0.002214

CORS Headers

6 headers
Header | Category | Value
Access-Control-Allow-Credentials | Cors | true
Access-Control-Allow-Headers | Cors | Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Transaction-ID, X-Analytics-Tags, Analytics-Client-Id, X-Account-ID, X-API-Version, Client-Id
Access-Control-Allow-Methods | Cors | DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin | Cors |
Access-Control-Expose-Headers | Cors | Content-Length
Access-Control-Max-Age | Cors | 86400

Cookies Headers

0 headers
No cookies headers found

Other Headers

4 headers
Header | Category | Value
Date | Other | Wed, 28 Jan 2026 11:19:19 GMT
X-Forwarded-For | Other | 216.246.40.87
X-Request-Id | Other | dd448890-dafa-48bb-bcd9-c10192a6994b
X-Transaction-Id | Other | 34a5d975-7271-49da-9392-b12c5eb090ea

Recommendations

Enable compression (gzip/brotli) to improve performance