Open
Cached
·
just now
31
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
script-src; base-uri; report-uri; +5 more
script-src 'nonce-moBQ3agn8gvfn08V9qExAg==' 'strict-dynamic' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=c88C9UjariY9de38DYr5LZuldw2bCljQXffXBp7twpehbs8s2FqcAbSn2TB8R1lC4QK-2aEPBdIgg1Kk3IU=&policy_id=28227&user_id=&request_id=d29afb17-fc7c-40e1-af7b-caac276cfb42; report-to csp-endpoint-ccujariydedyrlzuldwbcljqxffxbptwpehbssfqcabsntbrlcqkaepbdiggkkiu; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*, script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: mercadolibre.com.ar *.mercadolibre.com.ar mercadolibre.com.mx *.mercadolibre.com.mx mercadolivre.com.br *.mercadolivre.com.br mercadolibre.cl *.mercadolibre.cl mercadolibre.com.co *.mercadolibre.com.co credithub.com.br *.credithub.com.br js-agent.newrelic.com *.js-agent.newrelic.com http2.mlstatic.com *.http2.mlstatic.com facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com jsdelivr.net *.jsdelivr.net googleapis.com *.googleapis.com mercadolibre.com.ve *.mercadolibre.com.ve mercadolibre.com.pe *.mercadolibre.com.pe mercadolibre.com.uy *.mercadolibre.com.uy mercadolibre.com.ec *.mercadolibre.com.ec youtube.com *.youtube.com jquery.com *.jquery.com gstatic.com *.gstatic.com googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net mercadolibre.com *.mercadolibre.com google.com *.google.com newrelic.com *.newrelic.com; report-uri https://events.mercadolibre.com/csp/reports?identifier=c88C9UjariY9de38DYr5LZuldw2bCljQXffXBp7twpehbs8s2FqcAbSn2TB8R1lC4QK-2aEPBdIgg1Kk3IU=&policy_id=29772&user_id=&request_id=d29afb17-fc7c-40e1-af7b-caac276cfb42; report-to csp-endpoint-ccujariydedyrlzuldwbcljqxffxbptwpehbssfqcabsntbrlcqkaepbdiggkkiu
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
private, max-age=0, no-cache, no-store, must-revalidate
Etag
Caching
W/"38b18-MurKsiGAosGDTdh9t8f7XDMMHjE"
Content Headers
2 headers
Content-Length
Content
232216
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Tengine
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_mldataSessionId=15b7f70c-6bab-4953-8f34-479487fa0f98; Max-Age=1800; Domain=mercadolibre.com.ar; Path=/; Expires=Sun, 07 Dec 2025 19:04:16 GMT; Secure
Other Headers
17 headers
Accept-Ch
Other
device-memory, dpr, viewport-width, rtt, downlink, ect, save-data
Accept-Ch-Lifetime
Other
60
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Sun, 07 Dec 2025 18:34:16 GMT
Reporting-Endpoints
Other
csp-endpoint-ccujariydedyrlzuldwbcljqxffxbptwpehbssfqcabsntbrlcqkaepbdiggkkiu="https://events.mercadolibre.com/csp/v2/reports?identifier=c88C9UjariY9de38DYr5LZuldw2bCljQXffXBp7twpehbs8s2FqcAbSn2TB8R1lC4QK-2aEPBdIgg1Kk3IU=&user_id=&request_id=d29afb17-fc7c-40e1-af7b-caac276cfb42"
Via
Other
1.1 a5acaf2dfa8333861f68733a0be7ead0.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
gfW5CdYrTxc6GXXItwrvzRSNO42rQVTJPGXPNsYqZzhSYCR4ePP9dA==
X-Amz-Cf-Pop
Other
IAD89-P3
X-Cache
Other
Miss from cloudfront
X-D2id
Other
d29afb17-fc7c-40e1-af7b-caac276cfb42
X-Dns-Prefetch-Control
Other
on
X-Download-Options
Other
noopen
X-Envoy-Upstream-Service-Time
Other
52
X-Navigation-Version
Other
layout-5.22.3
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Device-Id
Other
d29afb17-fc7c-40e1-af7b-caac276cfb42
X-Request-Id
Other
d29afb17-fc7c-40e1-af7b-caac276cfb42
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 373ms