HTTP Headers Analysis for https://mail.mapsted.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Expired Certificate - the server's certificate has expired

Open Cached · just now

20 Headers

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

public, max-age=60, s-maxage=600

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

2 headers

Server

cloudflare

X-Powered-By

Server

Owner.com

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

_cfuvid=TTKWQUq0p.Wbnv_3vXENyghR.Bl0MKKAvKjaGfUiiKA-1768297127961-0.0.1.1-604800000; path=/; domain=.reynastaqueria.com; HttpOnly; Secure; SameSite=None

Other Headers

13 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Ray

Other

9bd3ec379da5c57f-IAD

Date

Other

Tue, 13 Jan 2026 09:38:47 GMT

Server-Timing

Other

posthog_ff_ab;dur=1.0, r2_get;dur=309.0

X-Owner-Flow

Other

4a-r2-hit

X-Owner-Hf-Version

Other

2025-12-17T05:16:34Z

X-Owner-R2-Age

Other

1257

X-Owner-R2-Hf-Version

Other

2025-12-17T05:16:34Z

X-Owner-R2-Key

Other

artifacts-4MfKLhN3mL8Q/index9vrtmm

X-Owner-R2-Release-Version

Other

2026-01-12T17:40:11Z

X-Owner-Release-Version

Other

2026-01-12T17:40:11Z

X-Owner-Route-Type

Other

marketing

X-Owner-Will-Refresh

Other

true

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology