HTTP Headers Analysis for https://m-m-m.sourceforge.net

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; frame-src; fenced-frame-src; +4 more

upgrade-insecure-requests; frame-src 'self' a.fsdn.com *.google.com http://c.sf-syn.com http://b.sf-syn.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.recaptcha.net recaptcha.net *.youtube.com www.youtube-nocookie.com *.consentmanager.net *.googlesyndication.com *.safeframe.usercontent.goog *.adtrafficquality.google *.googleadservices.com *.adnxs.com *.indexww.com *.rubiconproject.com *.criteo.com *.openx.net *.crsspxl.com http://*.pro-market.net *.pubmatic.com *.smartadserver.com *.lijit.com *.adnxs-simple.com error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online as.sourceforge.net *.as.sourceforge.net app.hubspot.com *.amazon-adsystem.com; fenced-frame-src https:; object-src 'none'; frame-ancestors 'self'; form-action 'self' lists.sourceforge.net; script-src 'self' adservice.google.com.kh adservice.google.ga adservice.google.ge adservice.google.vu *.fb.html-load.com j.6sc.co adservice.google.co.jp adservice.google.az adservice.google.com.vc *.slashdotmedia.com adservice.google.ae fe.sitedataprocessing.com adservice.google.hn adservice.google.be adservice.google.com.qa adservice.google.ht adservice.google.com.pr adservice.google.mw adservice.google.com.ly translate.googleapis.com *.a47b.com *.euid.eu a.usbrowserspeed.com adservice.google.com.eg adservice.google.com.bh adservice.google.com.lb adservice.google.com.gi *.ybp.yahoo.com adservice.google.nu js.hscollectedforms.net adservice.google.com.et *.sharethrough.com *.adtrafficquality.google adservice.google.com.sv js.usemessages.com *.sharethru.com adservice.google.com.na adservice.google.ms *.fb.content-loader.com adservice.google.bt *.inmobicdn.net *.consentmanager.net adservice.google.com.co adservice.google.bf adservice.google.com.py blob: *.flashtalking.com adservice.google.as adservice.google.com.ni adservice.google.rw content-loader.com adservice.google.fm ml314.com adservice.google.com.pg adservice.google.co.il adservice.google.com.ua adservice.google.sn adservice.google.gy adservice.google.tt adservice.google.bs adservice.google.sc *.openxcdn.net adservice.google.com.kw adservice.google.co.uz adservice.google.me adservice.google.bj adservice.google.ml d-code.liadm.com adservice.google.co.ke adservice.google.com.fj adservice.google.co.vi adservice.google.com.ng adservice.google.pl adservice.google.com.mx a.fsdn.com adservice.google.rs *.betrad.com adservice.google.kg *.licdn.com adservice.google.co.id adservice.google.it adservice.google.com.ai *.adsafeprotected.com adservice.google.lk *.googlesyndication.com *.criteo.net adservice.google.co.mz *.tds.bid 07c225f3.online adservice.google.com.pe adservice.google.no adservice.google.gm *.doubleverify.com *.doubleclick.net adservice.google.sm adservice.google.lv *.gstatic.com adservice.google.vg adservice.google.co.zm adservice.google.com.br adservice.google.md *.tiny.cloud *.im-apps.net adservice.google.mu *.recaptcha.net recaptcha.net cmp.inmobi.com adservice.google.cl adservice.google.bg adservice.google.com.bd adservice.google.pt adservice.google.co.kr adservice.google.co.in adservice.google.la adservice.google.dk frontend.id-visitors.com adservice.google.at adservice.google.es adservice.google.jo adservice.google.to adservice.google.com.om adservice.google.tl adservice.google.com.gt pghub.io/js/pandg-sdk.js adservice.google.ee css-load.com adservice.google.com.ar adservice.google.cm adservice.google.tm adservice.google.co.ug adservice.google.ro adservice.google.com.cy *.adnxs.net adservice.google.com.np *.ampproject.org *.07c225f3.online adservice.google.com.tw js.hs-banner.com adservice.google.co.ls adservice.google.co.cr adservice.google.lt adservice.google.im adservice.google.ad adservice.google.com.tr adservice.google.fr adservice.google.hu *.gstatic.cn *.crsspxl.com *.ftstatic.com adservice.google.ps *.truste.com adservice.google.co.za adservice.google.ru adservice.google.bi adservice.google.gg adservice.google.co.ck *.googletagservices.com adservice.google.ie js.hs-analytics.net adservice.google.com.mm *.id5-sync.com adservice.google.com.au adservice.google.com.uy http://*.pro-market.net *.pubmatic.com *.trustarc.com *.crwdcntrl.net adservice.google.nl *.identitymatrix.ai adservice.google.co.ao adservice.google.com.hk adservice.google.co.ve adservice.google.je translate.google.cn *.html-load.com adservice.google.com.pa adservice.google.co.nz *.as.sourceforge.net adservice.google.dj *.googleadsserving.cn adservice.google.com.gh adservice.google.com.bn adservice.google.cz adservice.google.so adservice.google.com.af adservice.google.dm adservice.google.com.ph adservice.google.co.tz adservice.google.de adservice.google.ki adservice.google.iq adservice.google.ca adservice.google.co.uk as.sourceforge.net adservice.google.co.zw adservice.google.mn adservice.google.tg adservice.google.cg *.microsofttranslator.com adservice.google.ci *.cloudflareinsights.com adservice.google.is *.bing.com adservice.google.cv adservice.google.st adservice.google.sk http://c.sf-syn.com adservice.google.mg adservice.google.gt *.google.com adservice.google.al adservice.google.nr *.css-load.com adservice.google.co.bw *.uidapi.com *.content-loader.com *.googletagmanager.com adservice.google.ne adservice.google.com.mt adservice.google.fi adservice.google.com.bo adservice.google.ws *.permutive.app http://b.sf-syn.com *.amazon-adsystem.com adservice.google.com.vn *.adnxs.com adservice.google.li adservice.google.com.sg adservice.google.com.pk adservice.google.gr adservice.google.sr cdn.jsdelivr.net/gh/prebid/shared-id/ adservice.google.ch adservice.google.com.my *.33across.com adservice.google.td adservice.google.hr adservice.google.cf html-load.com adservice.google.com.ag adservice.google.dz adservice.google.com.ec adservice.google.com.tj adservice.google.com.sa *.creativecdn.com js.hsadspixel.net adservice.google.gl adservice.google.si adservice.google.com.cu adservice.google.tn adservice.google.com.jm adservice.google.mv *.hs-scripts.com adservice.google.cd adservice.google.com.sb adservice.google.co.th adservice.google.se *.google-analytics.com adservice.google.mk adservice.google.kz adservice.google.com.bz adservice.google.lu 'unsafe-inline' 'unsafe-eval'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

geolocation=(), microphone=(), camera=(), payment=(), document-domain=(), display-capture=(), autoplay=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

1 headers

Connection

Performance

keep-alive

Caching Headers

2 headers

Cache-Control

Caching

no-cache

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

338140

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=njngbb76eKc9Xnn72pF6vKMIcs_PZYlyQ2knymXz1IQ-1763659015-1.0.1.1-1QzGFHbT0WVA31cf6Cl5xVzUiBBmJm7Z.Iv6V4WatIA9dPCeBUILGmw4lAMBgrvvZAweRK0XJJ8AekyB5ToKJym.w7VaZZYm1EVe7KlunvY; path=/; expires=Thu, 20-Nov-25 17:46:55 GMT; domain=.sourceforge.net; HttpOnly; Secure; SameSite=None

Other Headers

6 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9a19990a1857ffbc-IAD

Date

Other

Thu, 20 Nov 2025 17:16:55 GMT

Feature-Policy

Other

geolocation 'none'; microphone 'none'; camera 'none'; payment 'none'; document-domain 'none'; display-capture 'none'; autoplay 'none'

Link

Other

<https://a.fsdn.com/con/js/sftheme/vendor/bizx-prebid.js?1763583265>; rel=preload; as=script, <https://a.fsdn.com/con/js/min/sf.sandiego-cmp-top.js?1763583265>; rel=preload; as=script, <https://c.amazon-adsystem.com/aax2/apstag.js>; rel=preload; as=script, <https://a.fsdn.com/con/css/fonts/sftheme/lato-v20-latin-ext_latin-regular.woff2>; rel=preload; as=font; crossorigin, <https://a.fsdn.com/con/css/fonts/sftheme/lato-v20-latin-ext_latin-700.woff2>; rel=preload; as=font; crossorigin, <https://a.fsdn.com/con/css/lato.css?1763583265>; rel=preload; as=style, <https://a.fsdn.com/con/css/sandiego.css?1763583265>; rel=preload; as=style, <https://a.fsdn.com/con/js/min/sf.sandiego-head.js?1763583265>; rel=preload; as=script

Recommendations

Enable compression (gzip/brotli) to improve performance