Open
Cached
·
2h ago
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; connect-src; style-src; +6 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
microphone=(), geolocation=(), usb=(), payment=(), camera=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Last-Modified
Caching
Mon, 04 Aug 2025 11:10:59 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
3 headers
Access-Control-Allow-Credentials
Cors
true
Access-Control-Allow-Headers
Cors
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Token,External-ID,OTT,Coalition-App,x-datadog-trace-id,x-datadog-parent-id,x-datadog-origin,x-datadog-sampling-priority,x-datadog-sampled
Access-Control-Allow-Methods
Cors
GET, POST, OPTIONS, PUT, DELETE, PATCH
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
99a12397bf471877-IAD
Date
Other
Thu, 06 Nov 2025 02:25:13 GMT
X-Amz-Id-2
Other
1v/q/Lixfag112fkBS1R9RoLUHSKw7PLdL7YgNrVKAUvwkf/NRlROyJecjP44TCf3ipkMOx+xSo=
X-Amz-Request-Id
Other
AP86B0W8DZ9FH297
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 0ms