Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Basic
default-src; style-src; script-src; +7 more
default-src 'self' https://fg.cdn.mediactive-network.net https://cdn.jsdelivr.net https://code.jquery.com https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; script-src https://fg.cdn.mediactive-network.net https://rum-static.pingdom.net https://use.typekit.net https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://code.jquery.com; frame-src 'self' *.typeform.com; object-src 'self'; child-src 'self'; frame-ancestors 'self'; img-src https://p.typekit.net 'self'; upgrade-insecure-requests; block-all-mixed-content
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(self); accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=(); usb=(); xr=(self); speaker=(self); vibrate=(); fullscreen=(self);
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
Upgrade, close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
4 headers
Age
Caching
216000
Cache-Control
Caching
no-store, no-cache, must-revalidate
Expires
Caching
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
Apache
CORS Headers
4 headers
Access-Control-Allow-Headers
Cors
X-Requested-With, Content-Type, Cache-Control, Pragma, Authorization, Accept, Accept-Encoding
Access-Control-Allow-Methods
Cors
PUT, POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin
Cors
https://www.groupe-mediactive.fr
Access-Control-Max-Age
Cors
1800
Cookies Headers
1 headers
Set-Cookie
Cookies
PHPSESSID=5bon0t17ao7bhlps0og3diuuss; expires=Fri, 16-Jan-2026 19:11:22 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=Strict
Other Headers
3 headers
Date
Other
Thu, 15 Jan 2026 19:11:22 GMT
Upgrade
Other
h2
X-Content-Security-Policy
Other
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com *.typeform.com; fullscreen *.typeform.com
Recommendations
Enable compression (gzip/brotli) to improve performance