HTTP Headers Analysis for https://learn.yarno.com.au

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains;

Content-Security-Policy

Good

default-src; object-src; font-src; +7 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

keep-alive

Vary

Performance

Origin

Caching Headers

4 headers

Cache-Control

Caching

no-cache

Etag

Caching

W/"eb0dcc0c0d588df0ea02a0323ca4a0a3"

Expires

Caching

-1

Pragma

Caching

nocache

Content Headers

2 headers

Content-Length

Content

8667

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

nginx

X-Runtime

Server

0.047722

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_yarno_session=f2e2c40f9eb18661613cbe48f80bef26; domain=.yarno.com.au; path=/; expires=Thu, 13 Nov 2025 08:59:25 GMT; secure; httponly; samesite=lax

Other Headers

4 headers

Date

Other

Mon, 10 Nov 2025 08:59:25 GMT

Feature-Policy

Other

autoplay 'self'; fullscreen 'self'; camera 'none'; gyroscope 'none'; geolocation 'none'; microphone 'none'; usb 'none'; payment 'none'

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

ce0edf8b-7450-4c33-a2ff-1e6908134d6a

Recommendations

Enable compression (gzip/brotli) to improve performance