22 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; connect-src; +4 more
X-Frame-Options
Present
SAMEORIGIN #arba DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
accelerometer=Origin(), autoplay=(), camera=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), usb=()
Recommendations
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

4 headers
Connection
Performance
Keep-Alive
Keep-Alive
Performance
timeout=5, max=100
Transfer-Encoding
Performance
chunked
Vary
Performance
User-Agent,Accept-Encoding, User-Agent, Referer

Caching Headers

2 headers
Age
Caching
216000
Etag
Caching
"600-1762370779;;;"

Content Headers

1 header
Content-Type
Content
text/html; charset=UTF-8

Server Headers

0 headers
No server headers found

CORS Headers

0 headers
No CORS headers found

Cookie Headers

0 headers
No cookie headers found

Other Headers

7 headers
Alt-Svc
Other
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Content-Security-Policy-Report-Only
Other
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-VlFVNlni3hZImWDz0oxzsQ==' https:; style-src 'self' 'unsafe-inline' https://js.zohocdn.com https://fonts.googleapis.com https://db.onlinewebfonts.com; font-src 'self' data: https://fonts.gstatic.com https://css.zohocdn.com https://db.onlinewebfonts.com; img-src 'self' data: https://www.google-analytics.com https://matrixbooking.matomo.cloud https://www.gstatic.com https://region1.analytics.google.com https://salesiq.zohopublic.eu https://css.zohocdn.com https://www.google.co.uk; connect-src 'self' https://matrixbooking.matomo.cloud https://www.google-analytics.com https://salesiq.zohopublic.eu https://region1.analytics.google.com https://js.zohocdn.com https://stats.g.doubleclick.net wss://vts.zohopublic.eu; frame-src https://www.google.com https://www.googletagmanager.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://www.matrixbooking.com/csp-report-endpoint;
Date
Other
Sun, 09 Nov 2025 19:53:11 GMT
Feature-Policy
Other
accelerometer 'none'; ambient-light-sensor 'self'; autoplay 'self'; camera 'none'; cookie 'self'; docwrite 'self'; domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'self'; picture-in-picture 'self'; speaker 'self'; sync-script 'self'; sync-xhr 'self'; unsized-media 'self'; usb 'none'; vertical-scroll 'self'; vibrate 'none'; vr 'none'
Link
Other
<https://www.matrixbooking.com/>; rel=shortlink
X-Litespeed-Cache
Other
hit
X-Permitted-Cross-Domain-Policies
Other
none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Analysis completed in 926ms