HTTP Headers Analysis for https://dkv.be

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; connect-src; +2 more

default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://bat.bing.com https://hcaptcha.com https://assets.adobedtm.com https://*.matomo.cloud https://*.cookielaw.org https://*.facebook.com https://*.hotjar.com https://*.licdn.com https://*.doubleclick.net https://www.googleadservices.com https://static.addtoany.com https://*.tiktok.com https://embed.typeform.com https://cdn.syndication.twimg.com https://*.twitter.com https://*.getclicky.com https://code.createjs.com https://use.typekit.net https://vjs.zencdn.net https://*.cookiebot.com https://cdn.jsdelivr.net https://s7.addthis.com https://*.googleapis.com https://*.list-manage.com https://unpkg.com https://code.jquery.com https://js.stripe.com https://ws.sharethis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google-analytics.com https://cdn.ckeditor.com https://policy.app.cookieinformation.com https://s3.amazonaws.com https://player.vimeo.com https://i.vimeocdn.com https://fast.wistia.com https://www.youtube.com https://s.ytimg.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com; connect-src 'self' https://adobedc.demdex.net https://*.bing.net https://*.bing.com https://*.cookiebot.com https://*.hotjar.io wss://*.hotjar.com https://*.adobedc.net https://*.linkedin.com https://*.doubleclick.net https://*.googlesyndication.com https://*.hcaptcha.com https://*.demdex.net https://*.omtrdc.net https://*.onetrust.com https://*.matomo.cloud https://*.cookielaw.org https://*.facebook.com https://*.googleapis.com https://*.hotjar.com https://google.com https://*.google.com https://*.google-analytics.com https://*.tiktok.com https://*.getclicky.com https://*.sendinblue.com wss://chat-messaging.sendinblue.com https://consentcdn.cookiebot.com https://*.app.cookieinformation.com https://*.sharethis.com https://*.openstreetmap.org https://vimeo.com ; frame-ancestors 'self'; form-action 'self' https://*.dkv.be https://checkout.stripe.com https://syndication.twitter.com https://*.list-manage.com https://www.facebook.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

must-revalidate, no-cache, private

Expires

Caching

Sun, 19 Nov 1978 05:00:00 GMT

Content Headers

3 headers

Content-Language

Content

nl

Content-Length

Content

66621

Content-Type

Content

text/html; charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Date

Other

Sat, 27 Dec 2025 02:03:55 GMT

X-Drupal-Cache

Other

HIT

X-Drupal-Dynamic-Cache

Other

HIT

Recommendations

Enable compression (gzip/brotli) to improve performance