Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=1800; includeSubDomains
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Vary
Accept-Encoding
connection: close vary: Accept-Encoding
Caching Headers
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
cache-control: no-store, no-cache, must-revalidate, max-age=0
Content Headers
Content-Length
30839
Content-Type
text/html;charset=utf-8
content-length: 30839 content-type: text/html;charset=utf-8
Server Headers
Server
Apache
server: Apache
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Fri, 01 May 2026 22:35:07 GMT
P3p
CP="Highspot does not have a P3P policy."
Report-To
Group
csp-enforce
max-age: 52w
Group
csp-reportOnly
max-age: 52w
Status
200 OK
Timing-Allow-Origin
https://bam.nr-data.net, https://js-agent.newrelic.com
X-Robots-Tag
noai
date: Fri, 01 May 2026 22:35:07 GMT
p3p: CP="Highspot does not have a P3P policy."
report-to: {"group":"csp-enforce","max_age":31536000,"endpoints":[{"url":"https://highspot.report-uri.com/r/d/csp/enforce"}]}, {"group":"csp-reportOnly","max_age":31536000,"endpoints":[{"url":"https://highspot.report-uri.com/r/d/csp/reportOnly"}]}
status: 200 OK
timing-allow-origin: https://bam.nr-data.net, https://js-agent.newrelic.com
x-robots-tag: noai
Recommendations
Enable compression (gzip/brotli) to improve performance