HTTP Headers Analysis for https://app.donegrading.com

Detected Technologies from Headers

See all in URL Inspect 14

Apple ID

Envoy

Firebase

Google Analytics

Google API JS Client

Google Cloud Functions

Google Fonts

Google Search

Google Static File Front End

Google Sign-In

Google Tag Manager

Sentry

Express

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Good

default-src; base-uri; object-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(self), microphone=(self), geolocation=()

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

accept-ranges: bytes
connection: close

Caching Headers

Age

Caching

0

Cache-Control

Caching

public, max-age=0

Etag

Caching

W/"19f3-49773873e8"

Last-Modified

Caching

Tue, 01 Jan 1980 00:00:01 GMT

age: 0
cache-control: public, max-age=0
etag: W/"19f3-49773873e8"
last-modified: Tue, 01 Jan 1980 00:00:01 GMT

Content Headers

Content-Length

Content

6643

Content-Type

Content

text/html; charset=UTF-8

content-length: 6643
content-type: text/html; charset=UTF-8

Server Headers

Server

envoy

X-Powered-By

Server

Express

server: envoy
x-powered-by: Express

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000

Cache-Tag

Other

705695813275, 705695813275:donegrading

Cdn-Cache-Status

Other

revalidated

Date

Other

Wed, 06 May 2026 11:33:13 GMT

Server-Timing

Other

l2gfet4t7; dur=925

Traceparent

Other

00-e0a0e40c0c2f0a0d56c9e81ad24b0273-2b72282886fea067-01

Via

Other

1.1 google

X-Cloud-Trace-Context

Other

e0a0e40c0c2f0a0d56c9e81ad24b0273/3130608845504553063;o=1

X-Dns-Prefetch-Control

Other

off

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000
cache-tag: 705695813275, 705695813275:donegrading
cdn-cache-status: revalidated
date: Wed, 06 May 2026 11:33:13 GMT
server-timing: l2gfet4t7; dur=925
traceparent: 00-e0a0e40c0c2f0a0d56c9e81ad24b0273-2b72282886fea067-01
via: 1.1 google
x-cloud-trace-context: e0a0e40c0c2f0a0d56c9e81ad24b0273/3130608845504553063;o=1
x-dns-prefetch-control: off

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology