20 Headers

HTTP Security Headers

| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Missing | Not configured |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Good | SAMEORIGIN |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Good | strict-origin-when-cross-origin |
| Permissions-Policy | Present | interest-cohort=() |

Recommendations
  • Add a Strict-Transport-Security header with a max-age of at least 1 year
  • Add a Content-Security-Policy header to mitigate XSS attacks

Performance Headers

2 headers

| Header | Category | Value |
| --- | --- | --- |
| Connection | Performance | close |
| Vary | Performance | Origin |

Caching Headers

2 headers

| Header | Category | Value |
| --- | --- | --- |
| Cache-Control | Caching | max-age=0, private, must-revalidate |
| Etag | Caching | W/"369b2613f7c6cfaafb0597eefa77d3d5" |

Content Headers

2 headers

| Header | Category | Value |
| --- | --- | --- |
| Content-Length | Content | 9505 |
| Content-Type | Content | text/html; charset=utf-8 |

Server Headers

2 headers

| Header | Category | Value |
| --- | --- | --- |
| Server | Server | nginx/1.16.1 |
| X-Runtime | Server | 0.075713 |

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 header

| Header | Category | Value |
| --- | --- | --- |
| Set-Cookie | Cookies | _app_mobile_market_monitor_session=66772677c6f645a4e5083cc34e74d68b; path=/; expires=Thu, 14 Jan 2027 00:57:33 GMT; HttpOnly; SameSite=Lax |

Other Headers

6 headers

| Header | Category | Value |
| --- | --- | --- |
| Content-Security-Policy-Report-Only | Other | `default-src 'self' https:; font-src 'self' https: data:; img-src 'self' maps.gstatic.com https: http: data:; object-src 'none'; script-src 'self' 'unsafe-eval' maps.google.com maps.googleapis.com maps.gstatic.com googletagmanager.com maxcdn.bootstrapcdn.com js-agent.newrelic.com bam.nr-data.net https: 'nonce-66772677c6f645a4e5083cc34e74d68b'; style-src 'self' 'unsafe-inline' https: 'nonce-66772677c6f645a4e5083cc34e74d68b'` |
| Date | Other | Wed, 14 Jan 2026 00:57:33 GMT |
| Link | Other | `</assets/application-3792ff9595df7f473a5c5ea2006ce3a85f611f7f47cda6c87b30dcf523632df9.css>; rel=preload; as=style; nopush,</assets/pre-common-1a8c7257485389ee75830d9fed3d337d4f6cd9a8ee35c2695476fc6bc8af8c9b.css>; rel=preload; as=style; nopush,</assets/timeline-c198e10092f87e545d08dadc05d7cbe561dc2b587abf1d7f980a2ca10113dfeb.css>; rel=preload; as=style; nopush,</assets/common-befdc0cf0b1218d5a23057a6bbaa54692b3d6876b99724f148090e2a89070846.css>; rel=preload; as=style; nopush,</assets/cawi-a92fe99b5611f7d72a425d39c67c02d9b39a471a415ea0a41697995d3eb42751.css>; rel=preload; as=style; nopush,</assets/application-121a30095d75f897874191b0f577ef8661d8d39084285da6a68ecbc327be3c94.js>; rel=preload; as=script; nopush,</assets/vendor-36b7f17e027b6c413ed20fc40a40e8f0a83bfacfa5336cb0b6d743219a114656.js>; rel=preload; as=script; nopush,</assets/common-8cbb22b1651db19cc33394ef778d3bec72a581dfa05fb005387b84a05822c29f.js>; rel=preload; as=script; nopush,</assets/sentry-4243bc430f2e429606d1bab449815947aebbe2f4d0b591ec85d12d6b616af4f1.js>; rel=preload; as=script; nopush` |
| X-Download-Options | Other | noopen |
| X-Permitted-Cross-Domain-Policies | Other | none |
| X-Request-Id | Other | e3480e9f-9ecc-463f-b1ec-5f6197307f9a |

Recommendations

Enable compression (gzip/brotli) to improve performance