HTTP Headers Analysis for https://hrestart.com.br

HTTP Security Headers

Status

Strict-Transport-Security

Good

"max-age=31536000; includeSubDomains"

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Present

allow-from hrestart.com.br

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), unload=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks

Performance Headers

3 headers

Connection

Performance

keep-alive

Keep-Alive

Performance

timeout=15

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Age

Caching

0

Content Headers

2 headers

Content-Language

Content

en

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

gocache

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

ssr-caching=cache#desc=none; Max-Age=20; Expires=Fri, 14 Nov 2025 08:35:38 GMT

Other Headers

12 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Fri, 14 Nov 2025 08:35:18 GMT

Glb-X-Seen-By

Other

bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=

Link

Other

<https://static.parastorage.com/>; rel=preconnect; crossorigin;,<https://static.parastorage.com/>; rel=preconnect;,<https://static.wixstatic.com/>; rel=preconnect; crossorigin;,<https://static.wixstatic.com/>; rel=preconnect;,<https://siteassets.parastorage.com>; rel=preconnect; crossorigin;,

Server-Timing

Other

cache;desc=none

Via

Other

1.1 google

X-Cache

Other

MISS

X-Envoy-Upstream-Service-Time

Other

1009

X-Gocache-Cachestatus

Other

BYPASS

X-Seen-By

Other

yvSunuo/8ld62ehjr5B7kA==,pmHZlB45NPy7b1VBAukQrewfbs+7qUVAqsIx00yI78k=,oDbbMvfdXCdtsgjD2KgaM8iHE4dbw+wewoJ5nvKoyjE=,m0j2EEknGIVUW/liY8BLLtVVWEVnKzeEzP87MzFy3AstFZnRrnvyqOEKpetNb+u3,2d58ifebGbosy5xc+FRaljrq+xAn9MuskAtbFwAJRGqggGwe2aTWLXzJBKYN3D6m6ubY5Dbge4F6o/m5jiQMB1iB5QmpRe2J37zq9nDD6cs=,2UNV7KOq4oGjA5+PKsX47M7S1LBvjFf6plYtj52u9Owxwy5Yb789UDkEfaJNWrtQ,/B3VgDtICCNDWQOEWfZmMj3rLC9TrhvU583tqNB+aNs=,9n3wTMzaU7zAZzBAj7gVU7B7peKgkhNWnWlMOAy1MoIj6r0AZAMucqm4C7kwBEyadi8f4zqAR5qGr7h7u8rDJw==,/B3VgDtICCNDWQOEWfZmMtRbnYZk+ahxDAEXYqW33AU=,LoUK8/saGAmOxZWtpubo2ouVAYTDdGqm3cJ/ebGu0FbagWRTSf47Yc2BIhhFCeyJQ18GboMzX7GWbQbx4/iNWLDNDkJzLC3vkEwHFMsA1ME=,/B3VgDtICCNDWQOEWfZmMqewfORUZ5fwiEatx4KcPH8=,/a5ccLSK1HEmwPNg/x6OulPU8S85kka7BDKM5hwa2NfarC/6P/BQo6+xk+JASB+OnhXn3pSYWWGGfH88tjSkKEj1N/R7J/l5cfd7o8evvxc=

X-Served-By

Other

cache-gru-sbsp2090049-GRU

X-Wix-Request-Id

Other

1763109317.374135125889752187088

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching