Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; script-src; style-src; +15 more
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https://i0.wp.com https://i1.wp.com https://i2.wp.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://c0.wp.com https://secure.gravatar.com https://www.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.elevenlabs.io https://elevenlabs.io https://elevenlabs.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://secure.gravatar.com https://www.gravatar.com; connect-src 'self' https://centralcsp.com/api/report https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com https://recaptcha.net https://*.elevenlabs.io https://elevenlabs.io https://elevenlabs.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com https://recaptcha.net https://*.elevenlabs.io https://elevenlabs.io https://elevenlabs.com; media-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; form-action 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://centralcsp.com/api/report; report-to default;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Present
geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Cookie
Caching Headers
2 headers
Cache-Control
Caching
max-age=60, must-revalidate
Last-Modified
Caching
Tue, 20 Jan 2026 08:27:30 GMT
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Thu, 22 Jan 2026 04:44:39 GMT
Host-Header
Other
WordPress.com
Link
Other
<https://greenpay.me/>; rel=shortlink
Reporting-Endpoints
Other
default="https://centralcsp.com/api/report"
Server-Timing
Other
a8c-cdn, dc;desc=dca, cache;desc=STALE;dur=1.0
X-Ac
Other
3.dca _atomic_dca STALE
X-Csp-Nonce
Other
1w25wgm/uB4Q/0Xgxpq+vw==
X-Hacker
Other
Want root? Visit join.a8c.com and mention this header.
X-Nananana
Other
Batcache-Hit
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance