HTTP Headers Analysis for https://mail.task3d.xyz

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for privateemail.com, www.privateemail.com, not for mail.task3d.xyz

Open Cached · just now

17 Headers

Detected Technologies from Headers

See all in URL Inspect 1

Apache

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(self "https://privateemail.com"), microphone=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

accept-ranges: bytes
connection: close

Caching Headers

Cache-Control

Caching

no-store

cache-control: no-store

Content Headers

Content-Length

Content

18694

Content-Type

Content

text/html; charset=UTF-8

content-length: 18694
content-type: text/html; charset=UTF-8

Server Headers

Server

Apache

server: Apache

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

set-cookie: PEBES=!hJ21ojxfw1JzOj+SN61NSQHDLL5Gh+NYkUAWwqVEJv4C6T14D3kLKAP0phqbRV3hJTESsxGoB4knbBY=; path=/; Httponly; Secure

Other Headers

Date

Other

Tue, 19 May 2026 00:44:39 GMT

X-Content-Security-Policy

Other

frame-ancestors 'self'

X-Webkit-Csp

Other

frame-ancestors 'self'

date: Tue, 19 May 2026 00:44:39 GMT
x-content-security-policy: frame-ancestors 'self'
x-webkit-csp: frame-ancestors 'self'

Recommendations

Enable compression (gzip/brotli) to improve performance