Cached · just now
23 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Weak
max-age=0
Content-Security-Policy
Weak
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding

Caching Headers

Cache-Control
Caching
no-store, no-cache, must-revalidate
Expires
Caching
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
Caching
no-cache

Content Headers

Content-Type
Content
text/html; charset=UTF-8

Server Headers

Server
Server
cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Alt-Svc
Other
h3=":443"; ma=86400
Bc-Ray
Other
1
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9d10bba329f2a5f2-IAD
Date
Other
Fri, 20 Feb 2026 20:25:24 GMT
Nel
Other
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ic37T4C%2FpJBW7VyLSEfJm1Vt%2BfpOCeoX1nKC3GLCzNOoXzNgEShWT6m0dHhaTLgfSJx1yiOZe9pAMO9zSC5uoNR0gQuRh9a9Hv0x1LhYCH5mk1uO1T9spmmTJSNR6%2Bcm"}],"group":"cf-nel","max_age":604800}
X-Bc-Is-Ha
Other
1
X-Bc-Store-Id
Other
511867
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
a72a122fcdc4635677086f20740551a6

Recommendations

Enable compression (gzip/brotli) to improve performance