Open
Cached
·
just now
24
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
private, no-cache, no-store, must-revalidate
Expires
Caching
Sat, 01 Jan 2000 00:00:00 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset="utf-8"
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
sb=JxAIaUdWK0RswQf53qpFvuG9; expires=Tue, 08-Dec-2026 02:15:03 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
Other Headers
8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Mon, 03 Nov 2025 02:15:03 GMT
Document-Policy
Other
include-js-call-stacks-in-crash-reports
Origin-Agent-Cluster
Other
?1
Report-To
Other
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7568316933660070269&cpp=C3&cv=1029289649&st=1762136103630"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Reporting-Endpoints
Other
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7568316933660070269&cpp=C3&cv=1029289649&st=1762136103630", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
X-Fb-Connection-Quality
Other
EXCELLENT; q=0.9, rtt=15, rtx=0, c=10, mss=1368, tbw=3284, tp=-1, tpl=-1, uplat=274, ullat=0
X-Fb-Debug
Other
iO9NRtzAnIOl4B7n6oM62DQdfJI8v4+SwOrdBpnKLwGGjRQu6FkHOEUVo2qBZgiS+0L7u7l9zLbquiAMGZ1J+g==
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 108ms