Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src; connect-src; font-src; +5 more
default-src 'self' *.tito.io *.intercom.io; connect-src 'self' *.tito.io *.fontawesome.com *.intercom.io www.google-analytics.com cdn.jsdelivr.net; font-src 'self' use.typekit.net *.tito.io; img-src *; script-src 'self' 'unsafe-inline' *.tito.io kit.fontawesome.com use.typekit.net widget.intercom.io js.intercomcdn.com www.google-analytics.com s3-eu-west-1.amazonaws.com cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' *.tito.io s3-eu-west-1.amazonaws.com blob:; upgrade-insecure-requests; worker-src 'self'
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"98d5f48c70826d7f624ab6042f0a572a"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Runtime
Server
0.013881
CORS Headers
5 headers
Access-Control-Allow-Credentials
Cors
true
Access-Control-Allow-Headers
Cors
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Access-Control-Allow-Methods
Cors
GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Origin
Cors
*
Access-Control-Max-Age
Cors
1728000
Cookies Headers
1 headers
Set-Cookie
Cookies
_id-tito_session=R0REQkw2aS82SDVWcXU0MER5dCtuS0JoeFRNNWFCeWljc25KeUh5WDJHYnErZUVsVVZQdWNRdXZidW82RjB6Sm1Pb0JlMDIrQng1UVd4czY0UGpSalJkUXVtZDVqR3hOQ1JkM0VqSGtpRXZrckNuaVh4dnBOZ2VJczlhSmhDeFlaU2lubEZKWnkyS1NpenF0TStpR25RPT0tLVR2czJxQWxUdnVEMWdleWEwMXIzT0E9PQ%3D%3D--b748fbe441d6f77394dbf01981e0e52b05e5692e; path=/; secure; HttpOnly; SameSite=Lax
Other Headers
4 headers
Date
Other
Mon, 26 Jan 2026 06:52:24 GMT
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
8a5743c45d074beff306cbd37813ab13
Recommendations
Enable compression (gzip/brotli) to improve performance