SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

18 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=300; includeSubdomains; preload
Content-Security-Policy
Weak
frame-ancestors; frame-src; upgrade-insecure-requests Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges
Performance
bytes
Vary
Performance
Accept-Encoding

Caching Headers

Age
Caching
0
Cache-Control
Caching
max-age=60,s-maxage=600,stale-while-revalidate=43200,stale-if-error=43200, public
Etag
Caching
"15835-64b393527e350"
Expires
Caching
Fri, 20 Feb 2026 06:04:09 GMT
Last-Modified
Caching
Fri, 20 Feb 2026 03:42:17 GMT

Content Headers

Content-Length
Content
88117
Content-Type
Content
text/html;charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Date
Other
Fri, 20 Feb 2026 05:59:09 GMT
X-Cache
Other
MISS
X-Served-By
Other
cache-lga21989-LGA, cache-lga21962-LGA
X-Timer
Other
S1771567149.330972,VS0,VS0,VE94
X-Vhost
Other
labs-publish

Recommendations

Enable compression (gzip/brotli) to improve performance