Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000
Content-Security-Policy
Basic
default-src; script-src; style-src; +1 more
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com https://*.vkvideo.ru 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com https://*.vkvideo.ru 'self' 'unsafe-inline';report-uri /csp
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
1 headers
Cache-Control
Caching
no-store
Content Headers
2 headers
Content-Length
Content
116783
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
kittenx
X-Powered-By
Server
KPHP/7.4.125762
CORS Headers
1 headers
Access-Control-Expose-Headers
Cors
X-Frontend
Cookies Headers
1 headers
Set-Cookie
Cookies
remixua=-1%7C-1%7C-1%7C1980567665; expires=Wed, 27 Jan 2027 21:16:36 GMT; path=/; domain=.vk.com; secure
Other Headers
7 headers
Date
Other
Thu, 29 Jan 2026 08:43:07 GMT
Link
Other
<https://st6-21.vk.com/>; rel=dns-prefetch
Reporting-Endpoints
Other
default="https://m.vk.com/browser_reports?dest=default_reports"
Server-Timing
Other
tid;desc="tr-Zp6am2khje0WSGIQJPKYjs8FRDw",front;dur=61.878
X-Frontend
Other
front656300
X-Trace-Id
Other
tr-Zp6am2khje0WSGIQJPKYjs8FRDw
X-Trace-Id-V2
Other
019c08eba9067c4d907357b5c9b0fd58
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology