Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept, Host, Turbo-Frame, Origin
Caching Headers
3 headers
Age
Caching
134
Cache-Control
Caching
public, max-age=14400, no-transform
Etag
Caching
W/"d49f889763d6e8ec436d586f544d584c"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.300543
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
998abadd7ea8d6fb-IAD
Content-Security-Policy-Report-Only
Other
default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://sessions.bugsnag.com/; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none'
Date
Other
Mon, 03 Nov 2025 09:08:56 GMT
Exercism-Body-Class
Other
namespace- controller-pages action-index theme-light user-signed_out
Link
Other
<https://assets.exercism.org/assets/website-594370f7028942dc7ef7c198f16798d84288362a.css>; rel="preload"; as="style",<https://assets.exercism.org/assets/poppins-v20-latin-regular-ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin="anonymous",<https://assets.exercism.org/assets/poppins-v20-latin-600-179f97ec0275f09603a8db94d4380eb584d81cd5.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin="anonymous"
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MvN0xqupTAvjxcqvdsxcve%2FfEupBcHC7E10%2BhXeNT1Yr4mEzYfhBX282Vdv2z3hagjtrehQb7UmTq7QPhcNT3ysSmFI%2FAFD6cKmv"}]}
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
5bbcce05-7caa-4b99-9403-9a2502e747f1
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 49ms