HTTP Headers Analysis for https://iterum.nz

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

base-uri; object-src; report-uri; +3 more

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

none

Transfer-Encoding

Performance

chunked

Vary

Performance

Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, max-age=0, must-revalidate

Expires

Caching

Mon, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

ESF

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Date

Other

Sun, 09 Nov 2025 22:12:42 GMT

Document-Policy

Other

include-js-call-stacks-in-crash-reports

Reporting-Endpoints

Other

default="/web-reports?jobset=prod&wcrumsspbp=false&bl=editors.sites-viewer-frontend_20251103.03_p0&app=25&clss=1&context=eJwNz31UzXcABvCfe3_fJ0uW3nQLqdtQQ64cSnVXt9vbspnD7F7sjKmLRKVS8jJ1yNteDoaFEbc6pSvztsnBWWjnpB2bvC4LSyl6u2qlwmrPH59znuf577Hts8sfapDKhhmkOc4G6VNy2G2QvGggzyC9e9AgyWaD5EyhZw2S4YlBWk7X2wzSHfrCzSglUfcYoyR7GKW17xmlXIqLNEpplEnbKWjiA2mAMOmB5EGhT7sU0aTJ7lEEkjWnR9FLWYm9ihy6EdKnqKHL2j5FJb0y9SkGqHhXn-InWlrdr1hJSdKgIoP6Rg8qpDGDiu51g4q3NG2eUhlMoTlKZTTNfaZULqR11iA5m6b0BMsBpMgLkW3p4skQ-SrFBGrlOZRuCJM3UmesTu6nLe06-Wv6e0O43EDllnC5grRl4XIk7U_Ry0coLkMvJ5LitF62pRNn9fIZmvmLXtZRkleEnEG9EyPlQQpcGSmH0bg1kfJk2toUKX9DxulR8hK68XOUXEv7vouWC6mEysmcGCOXUoPjh3Ir1dnEyo2UOS9fbKYaS76op78u5It_qObfY6KWwkeZRSx5fmIWPvRlXYFIoE3WApFLl1YUiutUuqpQnKXqhkJxm1RnioQn2WwoFvY0PLdYuJDb2BLhRT4LSoSGwneWiFia21IqFtIayqITsy3iDNXHW8QLulJiEb9RwMQyEUo1FWWillLjTon11LL6lOiiQ2UtwkxVVa3iFhlD28QSWnStTcTRPWO7eET2h9uFKymf2WEYnbYfjnIaXz4cfvSg8l08oQx_e3xFH-fbYz41FY1AB1meO-AcrWhxQArZaBxhT0PUTniHzgU44RKFBTohhvwfOSOImre5wEqbzSOxnSbUjcQU-jHOFYVku8oVjvQ6iTnZFTs9VdhDy6er8MKkQiedL1PhMvXdUEGqVmHjcTdspbtmN9RR5i53bKbXVncoXrrjSK87imhf0igcpMbdo9BG-3WjcYgWxY7GErpn8UDVQw_cJB-rBzQ0v9MDC-nyorH4ddlYVFLL-bHoolk2nphH5wI8-dUT9Qme6Cj3xCvaUOCFLRRh9cJHtGqKGuk0I1qNYHJZq8YYepOrhnKbGonH1EijKzfVuEZ2f6jhQL30lqL-VGMWlVAZfTugxn4yT_VGKf0X4g2h9cbpUG-UU1uCN7rpZZY3emjhXW8spVjDeMylBuN4tJJ2wQREUq_wwSA9PuqDBrrfxEzl9r6ooEYHX7RRrZMv6umNsy-ULr744X4Qium2FIzfLcG4Q_0jQjBAltkhOEeDkhY2Q7QIHqbFLEo5oMU6qtv7ARrJpAzFSrIdFwpHqpsUhkaq0IfhFnlXhmEirdbrsJZq83Q4UK3DUcpp0WEn7YnS4yCNNOmhos5VevTTiBx2siojMEjDP4-ACz3uiEATdZ-OxFtyiouCio5visLy7Cgk08yqKOioPT0aPaQ-GY33qassGq_pe78YHKasGTG4-CQGV6mgIwaPdz1FEy1-_hTxlL24ETvItr8RjpSa3YT11OLajC4qbWtGhvk5sl69QA4dedSCIjoU1AqfCx2w22GFs9kKR7uhDwsqqzAi72rzXqW7_FmCKVM9yRSfkJ6cmuaXlpBuSpucwc2UOnlZanJSuikpfrG_xn_61KmaaX6aaYtTNP8DmqxgAA&build-label=editors.sites-viewer-frontend_20251103.03_p0&imp-sid=CPD2xbWL5pADFQFIqwIdKewESQ&is-cached-offline=false"

Recommendations

Enable compression (gzip/brotli) to improve performance