HTTP Headers Analysis for https://dashboard.gamindo.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains;

Content-Security-Policy

Basic

default-src; frame-src; script-src; +4 more

default-src 'self' https://*.amazonaws.com https://*.gamindo.com https://*.hotjar.com https://*.google.com https://*.googleusercontent.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.zapier.app https://*.jsdelivr.net https://cdn.jsdelivr.net; frame-src 'self' https://*.amazonaws.com https://*.gamindo.com https://*.hotjar.com https://*.google.com https://*.googleusercontent.com https://*.googletagmanager.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.zapier.app https://*.jsdelivr.net https://cdn.jsdelivr.net; script-src 'self' 'wasm-unsafe-eval' blob: https://*.amazonaws.com https://*.gamindo.com https://*.hotjar.com https://*.google.com https://*.googleusercontent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.posthog.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.unpkg.com https://unpkg.com; connect-src 'self' https://*.amazonaws.com https://*.gamindo.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.googleusercontent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.posthog.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.unpkg.com https://unpkg.com; img-src 'self' data: blob: https://*.amazonaws.com https://*.gamindo.com https://*.hotjar.com https://*.google.com https://*.googleusercontent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.posthog.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.unpkg.com; style-src 'self' 'unsafe-inline' https://*.amazonaws.com https://*.gamindo.com https://*.google.com https://*.googleusercontent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.cloudfront.net https://*.stripe.com https://*.zapier.com https://*.jsdelivr.net https://cdn.jsdelivr.net; worker-src 'self' blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

fullscreen=*

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

public, max-age=0, s-maxage=2

Etag

Caching

"a762bf829657ee6b6d5e653b51661c1d"

Last-Modified

Caching

Mon, 12 Jan 2026 14:23:41 GMT

Content Headers

2 headers

Content-Length

Content

1942

Content-Type

Content

text/html

Server Headers

1 headers

Server

AmazonS3

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

5 headers

Date

Other

Tue, 13 Jan 2026 13:24:27 GMT

Via

Other

1.1 11eaf456640fa53320ea0c94bd6e5e78.cloudfront.net (CloudFront), 1.1 4a050b98a443ca2d3af477f9b4dc39ae.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

qZCvMcc5F_u6BT_H1SOdC9QgHfWJDqgPhZgNZnEznaRq2F8lquc_Hg==

X-Amz-Cf-Pop

Other

IAD89-P1

X-Cache

Other

RefreshHit from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance