Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Weak
frame-ancestors; form-action; base-uri
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
autoplay=(self), fullscreen=(self), clipboard-write=*, clipboard-read=*, accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Significantly strengthen CSP directives
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
3 headers
Cache-Control
Caching
no-cache, no-store
Expires
Caching
-1
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
10422
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__RequestVerificationToken=qZOuCWEJ1h1ggoEUykV5ps_DY3T7Kfu2lQAV8D-kxdniYJRrbUY0ucepluNo7lvr_wnvz9w_hcAewSXMNQ5pPDyNKFDKzoRkFCRblGRCluEZ3AHBo4jUkdIkxP7uRzLb0; path=/; secure; HttpOnly
Other Headers
3 headers
Date
Other
Sat, 15 Nov 2025 19:36:45 GMT
X-Correlation-Id
Other
3f68569a-4c85-4293-96b5-980ee144021d
X-Miniprofiler-Ids
Other
["ab90e2bf-a986-4376-a660-c84550f88637","460ac5e7-ad39-4e87-a75b-9b13fe627723"]
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 490ms