Open
Cached
·
just now
14
Headers
Detected Technologies from Headers
Gravatar
AppNexus (Xandr)
Bing
Microsoft Advertising
BootstrapCDN
Facebook
Google Analytics
Google API JS Client
Google DoubleClick
Google Optimize
Google Search
Google Static File Front End
Google Tag Manager
hCaptcha
Hotjar
jQuery
LinkedIn
Active incidents
OpenX
PHP
Pingdom
PubMatic
Qualtrics
Trustpilot
Twitter
Typeform
Visual Website Optimizer
Yahoo
Zoho Mail
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
Accept-Encoding,User-Agent
connection: close transfer-encoding: chunked vary: Accept-Encoding,User-Agent
Caching Headers
Cache-Control
no-store, no-cache, must-revalidate
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
cache-control: no-store, no-cache, must-revalidate expires: Thu, 19 Nov 1981 08:52:00 GMT pragma: no-cache
Content Headers
Content-Type
text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
Server Headers
X-Powered-By
PHP/8.0.30
x-powered-by: PHP/8.0.30
CORS Headers
No CORS headers found
Cookies Headers
Set-Cookie
PHPSESSID
u55hg4ptkp5guveofnoe2omtdr
u55hg4ptkp5guveofnoe2omtdr
path=/
secure
HttpOnly
Other Headers
Date
Thu, 02 Apr 2026 09:05:38 GMT
date: Thu, 02 Apr 2026 09:05:38 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology