HTTP Headers Analysis for https://issues.papoo-service.de

Detected Technologies from Headers

See all in URL Inspect 3

Apache

Vimeo

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

base-uri; default-src; font-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"c7258a0edca1a26e02929cc2efee68d3"

cache-control: max-age=0, private, must-revalidate
etag: W/"c7258a0edca1a26e02929cc2efee68d3"

Content Headers

Content-Length

Content

2937

Content-Type

Content

text/html; charset=utf-8

content-length: 2937
content-type: text/html; charset=utf-8

Server Headers

Server

Apache/2.4

X-Runtime

Server

0.025502

server: Apache/2.4
x-runtime: 0.025502

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _zammad_session_a138cfd0f37=6e5e2680eede97e34643e3d4d2430110; path=/; secure; HttpOnly

Other Headers

Csrf-Token

Other

LEQi4bXLEpm8UoqBjGHWd0cAsipz2UcBWBYjhpj5bFR1ZgYxYMjb9WJipY_WFFTrWyWRDJTuM_xWAu6NOHsuMg

Date

Other

Sat, 09 May 2026 14:14:05 GMT

Link

Other

URL /assets/application-e65d85f130ca79c5a178f5a0b2295202fb0c7c6731c1149461db9fde746d4657.css

rel=preload as=style nopush

URL /assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css

rel=preload as=style nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

3fe56847-276c-4c28-bd21-80aadf9c594a

csrf-token: LEQi4bXLEpm8UoqBjGHWd0cAsipz2UcBWBYjhpj5bFR1ZgYxYMjb9WJipY_WFFTrWyWRDJTuM_xWAu6NOHsuMg
date: Sat, 09 May 2026 14:14:05 GMT
link: </assets/application-e65d85f130ca79c5a178f5a0b2295202fb0c7c6731c1149461db9fde746d4657.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
x-permitted-cross-domain-policies: none
x-request-id: 3fe56847-276c-4c28-bd21-80aadf9c594a

Recommendations

Enable compression (gzip/brotli) to improve performance