HTTP Headers Analysis for https://ebv-studie.de

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

2 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"de8dee32006f2bfbdc1f6ee085c54ac9"

Content Headers

2 headers

Content-Length

Content

73582

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

nginx/1.18.0

X-Runtime

Server

1.434649

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_DreamIn_session=RUBk5y3TABZeyE4VDjI6qebRbafaNjjlyZhk%2Fat01J3GtBUua%2FaKC1PrUr2byz0ekjR4Ffe2R1%2B0yslhCxAnWSOvxveoGhQYR9nvGV5WHlCZ4nIdUo9mo34UENllaFPNFJhATXoqSCuIQGXlXXh5Nnfa%2BCYODKmR0iRmZZ9033hdGOT9gdnZPXb6hNkHT3eHq3hqRNOpVC%2BaV%2FGJoALcy2pSZ78RmXXsvYyVboeXiQZnrapKTpg1l4RYVAkMx518mpCO01t4%2F%2BRrfR2ohOE8g%2BQPYv7SONFYeU5Qu3X3lnw29wbUd87iqimvFLvM0UcgcX8WcpWNaz7icgFJXAWMJu2vHJy1IwbW--POf%2BMxWnYvetqIF9--YX3awFu5RhSSakKv4LO6BA%3D%3D; domain=.lmu-klinikum.de; path=/; HttpOnly; SameSite=Lax

Other Headers

5 headers

Date

Other

Thu, 04 Dec 2025 13:23:24 GMT

Link

Other

</assets/application-9c1f3abf5fa3be82aa6df40cf5cff97af4a2fad7aabf888af1495abb3b4e84f0.css>; rel=preload; as=style; nopush,</assets/klinikum-ecc2a1c2f9982a6469d650791b952d39404cde11f591aa8d9fa573c19710ca54.css>; rel=preload; as=style; nopush,</assets/application-2b41ac4deb98bdeb5624cf9701fa1477c0b578a020dc83a6f83b70a090258b5c.js>; rel=preload; as=script; nopush,</packs/js/main_pack-4cbd9f8c676a287229e6.js>; rel=preload; as=script; nopush,</packs/css/main_pack-f6c54ad2.css>; rel=preload; as=style; nopush

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

a0faf176-eaab-472a-9f74-3a1503fcffa2

Recommendations

Enable compression (gzip/brotli) to improve performance