HTTP Headers Analysis for https://auth.medmastery.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; style-src; +7 more

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

autoplay=(self), camera=(), encrypted-media=(self), fullscreen=(), geolocation=(self), gyroscope=(self), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(self), usb=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

1 headers

Cache-Control

Caching

no-cache, private

Content Headers

2 headers

Content-Length

Content

1166

Content-Type

Content

text/html; charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

9 headers

Date

Other

Wed, 14 Jan 2026 01:09:28 GMT

Via

Other

1.1 edc440dfdd4dccb638ead805c7f4dbfe.cloudfront.net (CloudFront)

X-Amz-Apigw-Id

Other

XJnvTHjhjoEELng=

X-Amz-Cf-Id

Other

i9zDBO0O2r-nwoQjr_JJcpHaOibK2Z949VWU9EHQLpnwFPHNRvr5tg==

X-Amz-Cf-Pop

Other

IAD55-P2

X-Amzn-Remapped-Date

Other

Wed, 14 Jan 2026 01:09:28 GMT

X-Amzn-Requestid

Other

4edd2a81-11f0-4c99-8d96-19a0a3d14e5c

X-Amzn-Trace-Id

Other

Root=1-6966ecc7-7a46ff5e144c6cbe0522157f;Parent=5953250672a180ef;Sampled=0;Lineage=1:ac2d615a:0

X-Cache

Other

Error from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance