HTTP Headers Analysis for https://dns.mailwish.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for vmd146289.contaboserver.net, not for dns.mailwish.com

Open Cached · just now

18 Headers

Detected Technologies from Headers

See all in URL Inspect 14

Gravatar

YouTube

Apache

Facebook

Google API JS Client

Google Fonts

Google Hosted Libraries

Google Translate

OpenStreetMap

Twitter

Ubuntu

WordPress

WordPress.com

Yoast

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Basic

default-src; base-uri; manifest-src; +29 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

Upgrade, close

Vary

Performance

Accept-Encoding

connection: Upgrade, close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

cache-control: no-cache, no-store, must-revalidate

Content Headers

Content-Length

Content

30661

Content-Type

Content

text/html; charset=UTF-8

content-length: 30661
content-type: text/html; charset=UTF-8

Server Headers

Server

Apache/2.4.67 (Ubuntu)

server: Apache/2.4.67 (Ubuntu)

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

set-cookie: oc_sessionPassphrase=C2tkKQzzLhOoM4g4PJo9SXAB9ObNkulnENSULLQRr4Z2vjcXgxTQA95%2B6F%2F%2FGUZZj5wFG6zFKFTexH3AGAb4lnfObIz6RF%2BTeWL5aIAyiDGLU6yagnjwleKrIOAQSLpS; path=/nextcloud; secure; HttpOnly; SameSite=Lax
nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
ocvcmbk8foz6=8f8ba1cdcfcbd01829f9dea6f5a7d937; path=/nextcloud; secure; HttpOnly; SameSite=Lax

Other Headers

Date

Other

Fri, 15 May 2026 22:01:16 GMT

Feature-Policy

Other

autoplay 'self';camera 'none';fullscreen 'self' https://office.backprod.de;geolocation 'none';microphone 'none';payment 'none', microphone 'none'; payment 'none'; geolocation 'none'; speaker 'none'; usb 'none'; vibrate 'none'; vr 'none';

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

UkO1AN61wfXTzuDl6tut

X-Robots-Tag

Other

noindex, nofollow

date: Fri, 15 May 2026 22:01:16 GMT
feature-policy: autoplay 'self';camera 'none';fullscreen 'self' https://office.backprod.de;geolocation 'none';microphone 'none';payment 'none', microphone 'none'; payment 'none'; geolocation 'none'; speaker 'none'; usb 'none'; vibrate 'none'; vr 'none';
x-permitted-cross-domain-policies: none
x-request-id: UkO1AN61wfXTzuDl6tut
x-robots-tag: noindex, nofollow

Recommendations

Enable compression (gzip/brotli) to improve performance