22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' *.google-analytics.com cdn.cookielaw.org 'nonce-lU8wZ7nf8HdlAzBUxJQfWg=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; report-uri /csp_violation_report
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin
Caching Headers
1 header
Cache-Control
Caching
max-age=0, private, must-revalidate
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.102906
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
_mcd-cas_session=DGLPlQxjCcPgNUS6GXweRnoOWNVXQE4Fz9AfAGj5CRxExyNYXXECQYR1wv9ZwkWm%2FjxGhf1nvLZqpDpaDdj7cAK4qtnpYNA5FMqWJzLA5FzX5YanyQ2uxHxPQs2WrWOcVv7jy7KLInW%2FjYXAkfYn57tVUw08izwMJ9WojcRCqyniKRGUKDxrtTjceNvu4dholBhoprlLelKJAjmpTbk1a36oQi6gIAGrksq23g2%2FTAU1nDklUS2JsyEwtK0NdO4HmsqsM33BOYBJBPVRteM7WNuziUCwcOpF%2FfNSPBD46u5WAXosf%2BEMD%2BiCbe8HPSNlg%2FBhbF8n%2FYGvfHT5hPRJez09%2BndWtCyv8UhbVlMIgPGpbu%2F%2BSHkdxDDeyLw%3D--TCmsh%2BhjpspJ9IZs--mRimRwRgE%2FTS5NuCvBOLhQ%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
Other Headers
8 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9beea6951b348be2-IAD
Date
Other
Fri, 16 Jan 2026 15:29:51 GMT
Link
Other
</assets/application-9b3859045dc482fdb162fc4315ddb7ff1ebc027663daf1b42d0148b829d998ea.css>; rel=preload; as=style; nopush,</assets/application-c359395f5cb2696c11c1f086c3a68cce9106c6130aa22355aead35654a053d14.js>; rel=preload; as=script; nopush
Server-Timing
Other
request;desc="Request Time";dur=0.119;
X-Falcon-Request-Id
Other
da5fd4c8e6e5b604cdabb91625ef472d
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
67a3d9a49f8de2953255355f4cde2210
Recommendations
Enable compression (gzip/brotli) to improve performance