Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
connection: close
Caching Headers
No caching headers found
Content Headers
Content-Length
23
content-length: 23
Server Headers
Server
nginx
server: nginx
CORS Headers
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization
Access-Control-Allow-Methods
POST, PUT, GET, OPTIONS, DELETE
Access-Control-Allow-Origin
https://dataquest.app
Access-Control-Max-Age
7200
access-control-allow-credentials: true access-control-allow-headers: Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization access-control-allow-methods: POST, PUT, GET, OPTIONS, DELETE access-control-allow-origin: https://dataquest.app access-control-max-age: 7200
Cookies Headers
Other Headers
Cdck-Proxy-Id
app-router-tieadvanced01.sea2, app-balancer-tieinterceptor1b.sea2
Date
Wed, 06 May 2026 02:37:33 GMT
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
c3a141d2-32c3-45f9-8af8-8dd8dcbee5c2
cdck-proxy-id: app-router-tieadvanced01.sea2, app-balancer-tieinterceptor1b.sea2 date: Wed, 06 May 2026 02:37:33 GMT x-permitted-cross-domain-policies: none x-request-id: c3a141d2-32c3-45f9-8af8-8dd8dcbee5c2
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching