Open
Cached
·
just now
13
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
base-uri; script-src; object-src; +2 more
base-uri *;script-src *.alibaba-inc.com log.mmstat.com *.mxhichina.com alimei-sub.alibaba.com ynuf.aliapp.org *.tdum.alibaba.com sw-pro.oss-cn-beijing.aliyuncs.com *.cloudmailbox.net alimail-web-assets.oss-cn-hangzhou.aliyuncs.com *.cnzz.com g.alicdn.com *.tbcdn.cn mail-sub.tongxin.cn *.alicdn.com 'nonce-dC0xMDk4NjUyLVBxRnNWaw4288' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-5ZESDry5Jdgh27TvZdoin5zkV6TF0poectvQPYNk56c=';object-src 'self';frame-src * 'self';report-uri /alimail/browser_csp_result
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
no-cache
Content Headers
3 headers
Content-Language
Content
zh-CN
Content-Length
Content
4407
Content-Type
Content
text/html;charset=UTF-8
Server Headers
1 headers
Server
Server
Tengine
CORS Headers
1 headers
Access-Control-Max-Age
Cors
0
Cookies Headers
1 headers
Set-Cookie
Cookies
alimail_sdata0=a24zos5gOAbHitWQr5w%2FAGRMgECP8pat2d4gp2suT2IyqzQx8bMDaC0NdxYkMpGWO7EcGfPkgftCI3E1BS9xioczJn9n17MOECzAkjP0871OugixSU9n4kODw3a3H2XgBGDOXKpWutauLVjj5oN3ig%3D%3D; Path=/; HttpOnly
Other Headers
2 headers
Date
Other
Tue, 20 Jan 2026 05:00:44 GMT
X-Robots-Tag
Other
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance