HTTP Headers Analysis for https://heycolleagues.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(self), microphone=()

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

public, s-maxage=300, stale-while-revalidate=60

Etag

Caching

W/"220d7-g6ZoVBJQLQhzoecBWvvxJ/xwt+Y"

cache-control: public, s-maxage=300, stale-while-revalidate=60
etag: W/"220d7-g6ZoVBJQLQhzoecBWvvxJ/xwt+Y"

Content Headers

Content-Length

Content

139479

Content-Type

Content

text/html; charset=utf-8

content-length: 139479
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Headers

Cors

Content-Type, Authorization

Access-Control-Allow-Methods

Cors

GET, POST, PUT, DELETE, OPTIONS

Access-Control-Allow-Origin

Cors

*

access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=2592000

Date

Other

Tue, 24 Feb 2026 08:36:41 GMT

Link

Other

URL https://www.heycolleagues.com/rss.xml

rel=alternate type=application/rss+xml title=Hey Colleagues RSS Feed

URL https://www.heycolleagues.com/atom.xml

rel=alternate type=application/atom+xml title=Hey Colleagues Atom Feed

URL https://www.heycolleagues.com/feed.json

rel=alternate type=application/feed+json title=Hey Colleagues JSON Feed

URL https://www.heycolleagues.com/

rel=canonical

Via

Other

1.1 Caddy

X-Bing-News

Other

include

X-Cache-Key

Other

GET:/

X-Cache-Status

Other

HIT

X-Robots-Tag

Other

index, follow, max-snippet:-1, max-image-preview:large

alt-svc: h3=":443"; ma=2592000
date: Tue, 24 Feb 2026 08:36:41 GMT
link: <https://www.heycolleagues.com/rss.xml>; rel="alternate"; type="application/rss+xml"; title="Hey Colleagues RSS Feed", <https://www.heycolleagues.com/atom.xml>; rel="alternate"; type="application/atom+xml"; title="Hey Colleagues Atom Feed", <https://www.heycolleagues.com/feed.json>; rel="alternate"; type="application/feed+json"; title="Hey Colleagues JSON Feed", <https://www.heycolleagues.com/>; rel="canonical", <https://www.heycolleagues.com/sitemap.xml>; rel="sitemap"; type="application/xml"; title="Hey Colleagues Sitemap", <https://pubsubhubbub.appspot.com/>; rel="hub"
via: 1.1 Caddy
x-bing-news: include
x-cache-key: GET:/
x-cache-status: HIT
x-robots-tag: index, follow, max-snippet:-1, max-image-preview:large

Recommendations

Enable compression (gzip/brotli) to improve performance