Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Good
default-src; style-src; script-src; +2 more
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; script-src 'self' https://storage.googleapis.com; connect-src 'self' 3tc.eu.auth0.com; font-src 'self' fonts.gstatic.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no cache
Etag
Caching
W/"30d-18b3d085c40"
Last-Modified
Caching
Tue, 17 Oct 2023 09:47:20 GMT
Content Headers
2 headers
Content-Length
Content
781
Content-Type
Content
text/html; charset=UTF-8
Server Headers
2 headers
Server
Server
nginx/1.25.2
X-Powered-By
Server
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Tue, 03 Feb 2026 09:07:22 GMT
Feature-Policy
Other
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; vibrate 'none'
X-Client-Version
Other
1.0.74
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology