18 Headers

HTTP Security Headers

| Header | Status | Value |
|---|---|---|
| Strict-Transport-Security | Missing | Not configured |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Good | SAMEORIGIN |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Good | strict-origin-when-cross-origin |
| Permissions-Policy | Missing | Not configured |

Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
| Header | Category | Value |
|---|---|---|
| Connection | Performance | close |
| Transfer-Encoding | Performance | chunked |
| Vary | Performance | Origin |

Caching Headers

0 headers
No caching headers found

Content Headers

1 header
| Header | Category | Value |
|---|---|---|
| Content-Type | Content | text/html; charset=utf-8 |

Server Headers

3 headers
| Header | Category | Value |
|---|---|---|
| Server | Server | nginx/1.18.0 + Phusion Passenger(R) 6.0.23 |
| X-Powered-By | Server | Phusion Passenger(R) 6.0.23 |
| X-Runtime | Server | 1.592343 |

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 header
| Header | Category | Value |
|---|---|---|
| Set-Cookie | Cookies | _maruichi_session=G5WTDzU4XQL7Iqd10FmRkvHa69md3TYUoBUmpYRVgAfglLF4s8tPc%2BAK0srLS8hbTxTo5ugNHD7kLDMPZUq0hClFrkaGmgyF4Xy53TLKhLXmEiF%2B6eaT5AmFvJkO%2FTUQZDbfA6kRlGmOS8i1P5xT4Fahw9OQHwPaFMjj2Cr2ztybT%2FSOVEoDsKMdGf1a3IIF8igXQkusOW3FCRzZBk%2BCt7CPHCT35A0T0Zqbzmx9Fud8pTBoA2Qi4SSg0lFJdxX8%2BuZI7w8U69yzx4CoiUS6mWhl%2B1p4l7G41jmT05cI1E6YmH0u9t27WOUTN1FOVw%2B9XJpFfNvvH7YKyyw0gp4PbQlbWgrfbfic0lmknB8%3D--VeISxOLip1NVCeIH--ibzpZ7pnZB5FMUOJI%2F6Fuw%3D%3D; path=/; HttpOnly; SameSite=Lax |

Other Headers

6 headers
| Header | Category | Value |
|---|---|---|
| Date | Other | Tue, 13 Jan 2026 19:50:04 GMT |
| Link | Other | </assets/tailwind-37da08b95acfd2f14b76dfb70185791c7e7e5c7ad4679b8d0f883163b5116965.css>; rel=preload; as=style; nopush,</assets/inter-font-c2ddab218623d7492890cfad22b9b8365df63dc39799a4d72a04c1b6a9ba0f73.css>; rel=preload; as=style; nopush,</assets/application-bc0f8b231463d9093ce3033820007ccb62a784790701a0e0940e5ca1f6bf3ec7.css>; rel=preload; as=style; nopush,</assets/es-module-shims.min-2c70b23b8de0017ade1688478f68b3dc449cba61acffc12ca7a03be60158ca65.js>; rel=preload; as=script; nopush |
| Status | Other | 200 OK |
| X-Download-Options | Other | noopen |
| X-Permitted-Cross-Domain-Policies | Other | none |
| X-Request-Id | Other | 2aa66254-d3ce-4ab2-9400-e0a4b5024931 |

Recommendations

  • Enable compression (gzip/brotli) to improve performance
  • Add Cache-Control header to optimize caching
  • Consider removing X-Powered-By header to hide server technology