HTTP Headers Analysis for https://hanidoll.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=315360000; includeSubdomains

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

0 headers

No caching headers found

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

2 headers

Server

cloudflare

X-Powered-By

Server

ASP.NET

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=rYOlJ9zifizgm5aPPXdjvbd8s095lMcwvUUnKioewqM-1769175953-1.0.1.1-duXN8dYjyFJ.iWkP2eJHb2V8socJUJyk4Q1XgRKCJfV6Pld73UbAFTGz0jx.itgLI8cxv8RhhrDJcH1Skj3cZ.lf5I42Jta2lQliC3IOdyc; path=/; expires=Fri, 23-Jan-26 14:15:53 GMT; domain=.www.hanidoll.com; HttpOnly; Secure; SameSite=None

Other Headers

16 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c27bbe63857dd0c-IAD

Date

Other

Fri, 23 Jan 2026 13:45:53 GMT

Link

Other

<https://img.staticdj.com>; rel=preconnect, <https://static.staticdj.com>; rel=preconnect

Nel

Other

{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}

Recommend-Channel

Other

collection_id

Report-To

Other

{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=puXt26L8Ch7tiKJFwprvn3CzOf7%2F8Xj1koeu0zOyMJgFv6XhnJnE%2F2A8nxyVhQ7ZltiVxQtMjQJvhNe8jh5E1PJnatk2nrj%2FqKREGRVnFxhOQfp269PgPsfrWa4qr8tCMec%3D"}],"group":"cf-nel","max_age":604800}

Request-Id

Other

1536f3c0-ebc1-4b93-a73f-317e52d9a745

Server-Timing

Other

cfRequestDuration;dur=783.999920

X-Cache-Seconds

Other

-1

X-Download-Options

Other

noopen

X-Page-Type

Other

15

X-Response-Entrypoint-Name

Other

entrypoint-aws-saas

X-Store-Id

Other

258850

X-Store-Locale

Other

en-US

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology