HTTP Headers Analysis for https://gdas.digital

Detected Technologies from Headers

See all in URL Inspect 17

Cloudflare CDNJS

Embedly Active incidents

GitHub

Google API JS Client

Google Cloud Functions

Google Cloud Storage

Google Fonts

Google Maps

Google Static File Front End

jsDelivr

Plausible Analytics

Sentry

Stripe

Vimeo

YouTube

Express

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; frame-src; script-src; +7 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

cookie,need-authorization, x-fh-requested-host, accept-encoding

accept-ranges: bytes
connection: close
vary: cookie,need-authorization, x-fh-requested-host, accept-encoding

Caching Headers

Cache-Control

Caching

public, max-age=0, s-maxage=10800

Etag

Caching

W/"4f2c-OykKEanZmduAwTwv4iY2q88EISw"

cache-control: public, max-age=0, s-maxage=10800
etag: W/"4f2c-OykKEanZmduAwTwv4iY2q88EISw"

Content Headers

Content-Length

Content

20268

Content-Type

Content

text/html; charset=utf-8

content-length: 20268
content-type: text/html; charset=utf-8

Server Headers

Server

Google Frontend

X-Powered-By

Server

Express

server: Google Frontend
x-powered-by: Express

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Sun, 12 Apr 2026 11:44:55 GMT

Function-Execution-Id

Other

osnr5bcoqmbl

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Cloud-Trace-Context

Other

afff0c55897b0f769d14a411758d17a8;o=1

X-Country-Code

Other

US

X-Served-By

Other

cache-nyc-kteb1890045-NYC

X-Timer

Other

S1775994295.703226,VS0,VE497

alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
date: Sun, 12 Apr 2026 11:44:55 GMT
function-execution-id: osnr5bcoqmbl
x-cache: MISS
x-cache-hits: 0
x-cloud-trace-context: afff0c55897b0f769d14a411758d17a8;o=1
x-country-code: US
x-served-by: cache-nyc-kteb1890045-NYC
x-timer: S1775994295.703226,VS0,VE497

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology