HTTP Headers Analysis for https://id.go-vip.net

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Good

default-src; connect-src; frame-ancestors; +7 more

default-src 'self'; connect-src 'self' https://api.wpvip.com https://id.wpvip.com https://app.pendo.io https://data.pendo.io https://pendo-static-5636252415164416.storage.googleapis.com https://api.feedback.us.pendo.io https://content.pa.wpvip.com https://data.pa.wpvip.com https://browser-intake-datadoghq.com https://api.airtable.com https://sheets.googleapis.com https://www.googleapis.com/drive/v3/files https://*.myshopify.com/api/2024-07/graphql.json https://mock.shop/api; frame-ancestors https://app.pendo.io; frame-src https://app.pendo.io https://player.vimeo.com; img-src 'self' *.wp.com wpvip.com https://gravatar.com/avatar/ https://www.gravatar.com/avatar/ https://*.githubusercontent.com https://github.com https://lobby-vip.files.wordpress.com https://docs.wpvip.com/wp-content/uploads/sites/2/ https://cdn.pendo.io https://app.pendo.io https://data.pendo.io https://pendo-static-5636252415164416.storage.googleapis.com https://cdn.eu.pendo.io https://app.eu.pendo.io https://data.eu.pendo.io https://pendo-eu-static-5636252415164416.storage.googleapis.com data: https://content.pa.wpvip.com https://data.pa.wpvip.com https://i.vimeocdn.com https://integrations.wpvip.com http://integrations.wpvip.com; object-src none; script-src 'self' 'nonce-OTgyMjgxMjktNWYxYS00Mjk2LWJkNjYtN2YwNzZhMGQ1OGZi' https://stats.wp.com 'sha256-sabfV8wE85qxXXLDv8MG616tJi7WS4v041gHiYncJTc=' https://cdn.pendo.io https://app.pendo.io https://data.pendo.io https://pendo-static-5636252415164416.storage.googleapis.com https://cdn.eu.pendo.io https://app.eu.pendo.io https://data.eu.pendo.io https://pendo-eu-static-5636252415164416.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://content.pa.wpvip.com https://data.pa.wpvip.com; style-src 'self' 'unsafe-inline' https://cdn.pendo.io https://app.pendo.io https://data.pendo.io https://pendo-static-5636252415164416.storage.googleapis.com https://cdn.eu.pendo.io https://app.eu.pendo.io https://data.eu.pendo.io https://pendo-eu-static-5636252415164416.storage.googleapis.com https://content.pa.wpvip.com; media-src https://integrations.wpvip.com https://videos.files.wordpress.com; worker-src blob:

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache, must-revalidate, max-age=0, no-store

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

nginx

X-Powered-By

Server

WordPress VIP <https://wpvip.com>

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

5 headers

Date

Other

Mon, 12 Jan 2026 14:02:03 GMT

X-Cache

Other

BYPASS

X-Download-Options

Other

noopen

X-Hacker

Other

If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.

X-Rq

Other

dca8 0 40 9980

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology