Open
Cached
·
1h ago
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), autoplay=(), camera=(); +11 more
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
Connection
close
Transfer-Encoding
chunked
connection: close transfer-encoding: chunked
Caching Headers
Cache-Control
must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
cache-control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Content Headers
Content-Type
text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
Server Headers
No server headers found
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Accept-Ch
Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness
Date
Wed, 13 May 2026 08:55:33 GMT
X-Permitted-Cross-Domain-Policies
none
X-Robots-Tag
noindex, nofollow
X-Trace-Id
0363be7c-aa85-4d3f-aa54-660268beb87d
X-Ua-Compatible
IE=edge
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness date: Wed, 13 May 2026 08:55:33 GMT x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-trace-id: 0363be7c-aa85-4d3f-aa54-660268beb87d x-ua-compatible: IE=edge
Recommendations
Enable compression (gzip/brotli) to improve performance