HTTP Headers Analysis for https://cdn.ringover.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +4 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

accelerometer=(none), ambient-light-sensor=(none), autoplay=(none); +22 more

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

Connection

Performance

close

Content-Encoding

Performance

gzip

Vary

Performance

Accept-Encoding

connection: close
content-encoding: gzip
vary: Accept-Encoding

Caching Headers

No caching headers found

Content Headers

Content-Encoding

Content

gzip

Content-Length

Content

0

Content-Type

Content

text/plain

content-encoding: gzip
content-length: 0
content-type: text/plain

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With, X-TEAM-ID, X-USER-ID, range

Access-Control-Allow-Methods

Cors

POST, OPTIONS, GET, PUT, DELETE, PATCH

Access-Control-Allow-Origin

Cors

*

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With, X-TEAM-ID, X-USER-ID, range
access-control-allow-methods: POST, OPTIONS, GET, PUT, DELETE, PATCH
access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Thu, 07 May 2026 18:46:31 GMT

Feature-Policy

Other

accelerometer=(none), ambient-light-sensor=(none), autoplay=(none), camera=(none), microphone=(none), document-write=(none), encrypted-media=(none), fullscreen=(none), geolocation=(none), gyroscope=(none), layout-animations=(none), legacy-image-formats=(none), magnetometer=(none), midi=(none), oversized-images=(none), payment=(none), picture-in-picture=(none), speaker=(none), sync-script=(none), sync-xhr=(none), unoptimized-images=(none), unsized-media=(none), usb=(none), vertical-scroll=(none), vr=(none)

date: Thu, 07 May 2026 18:46:31 GMT
feature-policy: accelerometer=(none), ambient-light-sensor=(none), autoplay=(none), camera=(none), microphone=(none), document-write=(none), encrypted-media=(none), fullscreen=(none), geolocation=(none), gyroscope=(none), layout-animations=(none), legacy-image-formats=(none), magnetometer=(none), midi=(none), oversized-images=(none), payment=(none), picture-in-picture=(none), speaker=(none), sync-script=(none), sync-xhr=(none), unoptimized-images=(none), unsized-media=(none), usb=(none), vertical-scroll=(none), vr=(none)

Recommendations

Add Cache-Control header to optimize caching