Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
magnetometer=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
keep-alive
Vary
Performance
x-fh-requested-host, accept-encoding
Caching Headers
3 headers
Cache-Control
Caching
max-age=3600
Etag
Caching
"4d0442b4e0845bfaa7108f3b64a2da79020f1884d0d477d5baea2e5269af5be8"
Last-Modified
Caching
Mon, 27 Oct 2025 19:10:06 GMT
Content Headers
2 headers
Content-Length
Content
4018
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Access-Control-Allow-Origin-No
Other
*
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Content-Security-Policy-Report-Only
Other
default-src https: wss:;font-src 'self' data: 'unsafe-inline' https://*.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://*.umami.is/ https://cdn.jsdelivr.net/ https://*.facebook.net/ https://*.firebasedatabase.app/ https://*.firebaseio.com/ https://*.gstatic.com/ https://widget.tagembed.com/embed.min.js https://cdn.syndication.twimg.com/ https://www.googletagmanager.com https://platform.twitter.com https://www.youtube.com/ https://*.googleapis.com/ https://*.ckeditor.com/ https://policy.app.cookieinformation.com/ https://unpkg.com/@googlemaps/[email protected]/dist/index.min.js; style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://ton.twimg.com/ https://platform.twitter.com/ https://stackpath.bootstrapcdn.com/ https://*.googleapis.com/ https://*.ckeditor.com/; img-src 'self' https: data: googleapis.com/ https://*.gstatic.com/; connect-src 'self' https://dandybusinesspark.dk/ https://media.licdn.com/ https://cdnjs.cloudflare.com/ https://*.umami.is/ https://cdn.jsdelivr.net/ https://media-exp1.licdn.com/ https://widget.tagembed.com/embed.min.js https://*.gstatic.com/ https://*.ckeditor.com/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css https://unpkg.com/@googlemaps/[email protected]/dist/index.min.js https://iam.ebrains.eu/auth/realms/hbp/.well-known/openid-configuration https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/certs https://*.googleapis.com/ wss://*.firebasedatabase.app/ wss://*.firebaseio.com/ https://*.cloudfunctions.net/ https://*.cookieinformation.com/
Content-Security-Policy-Sim
Other
default-src https: wss: 'unsafe-inline'; img-src 'self' https: http: data: googleapis.com gstatic.com maps.googleapis.com fonts.googleapis.com ;
Date
Other
Sun, 16 Nov 2025 23:33:46 GMT
X-Cache
Other
MISS
X-Cache-Hits
Other
0
X-Served-By
Other
cache-nyc-kteb1890056-NYC
X-Timer
Other
S1763336026.198752,VS0,VE96
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 396ms