SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for eshop.bystadium.com, *.bystadium.com, not for ec2-34-195-55-38.compute-1.amazonaws.com
Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Weak
frame-ancestors; form-action
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
ch-dpr=("https://res.cloudinary.com"), ch-width=("https://res.cloudinary.com"), ch-viewport-width=("https://res.cloudinary.com")
Recommendations
- • Significantly strengthen CSP directives
Performance Headers
1 headers
Vary
Performance
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
s-maxage=31536000, stale-while-revalidate=31536000
Etag
Caching
"lttxkyq7lt42s4"
Content Headers
2 headers
Content-Length
Content
190337
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
2 headers
Access-Control-Allow-Methods
Cors
GET,OPTIONS
Access-Control-Allow-Origin
Cors
https://www.bystadium.com
Cookies Headers
1 headers
Set-Cookie
Cookies
geo=j%3A%7B%22country_code%22%3A%22US%22%2C%22currency_code%22%3A%22USD%22%2C%22ip_address%22%3A%2264.34.84.14%22%2C%22fallback%22%3Afalse%7D; Max-Age=1209600; Path=/; Expires=Sun, 14 Dec 2025 04:15:38 GMT; Secure
Other Headers
4 headers
Accept-Ch
Other
Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width
Date
Other
Sun, 30 Nov 2025 04:15:38 GMT
X-Middleware-Rewrite
Other
/not-found
X-Nextjs-Cache
Other
HIT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 97ms