Open
Cached
·
just now
18
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Accept-Ranges
bytes
Connection
close
Vary
Accept-Encoding,Cookie
accept-ranges: bytes connection: close vary: Accept-Encoding,Cookie
Caching Headers
Age
8659
Cache-Control
s-maxage=18000, must-revalidate, max-age=0
Last-Modified
Tue, 12 May 2026 20:03:17 GMT
age: 8659 cache-control: s-maxage=18000, must-revalidate, max-age=0 last-modified: Tue, 12 May 2026 20:03:17 GMT
Content Headers
Content-Language
en
Content-Length
26101
Content-Type
text/html; charset=UTF-8
content-language: en content-length: 26101 content-type: text/html; charset=UTF-8
Server Headers
Server
istio-envoy
X-Powered-By
PHP/8.3.30
server: istio-envoy x-powered-by: PHP/8.3.30
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Wed, 13 May 2026 01:03:17 GMT
Via
1.1 varnish (Varnish/7.1)
X-Cache
HIT
X-Envoy-Upstream-Service-Time
0
X-Request-Id
895420162d286458af0fdf26
X-Varnish
263198 32786
date: Wed, 13 May 2026 01:03:17 GMT via: 1.1 varnish (Varnish/7.1) x-cache: HIT x-envoy-upstream-service-time: 0 x-request-id: 895420162d286458af0fdf26 x-varnish: 263198 32786
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology