Headers
Detected Technologies from Headers
HTTP Security Headers
Header | Status | Value
Strict-Transport-Security | Good | max-age=31536000; includeSubDomains
X-Frame-Options | Missing | Not configured
X-Content-Type-Options | Missing | Not configured
Referrer-Policy | Missing | Not configured
Permissions-Policy | Missing | Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Significantly strengthen CSP directives
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
No performance headers found
Caching Headers
age: 15
cache-control: must-revalidate, no-cache, private
Content Headers
content-length: 176839
content-type: text/html; charset=UTF-8
Server Headers
No server headers found
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
date: Tue, 12 May 2026 13:59:54 GMT
Report-To summary: group csp-endpoint, max-age 18w
report-to: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4507136450691072.ingest.de.sentry.io/api/4509520017424464/security/?sentry_key=6c6643bea718eb79f77efa794ab78e39&sentry_environment=prod"}],"include_subdomains":true}
x-content-security-policy: base-uri 'none'; frame-ancestors 'self'
Recommendations
Enable compression (gzip/brotli) to improve performance