HTTP Headers Analysis for https://my.corebook.io

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=32000000; includeSubDomains; preload;

Content-Security-Policy

Basic

media-src; frame-ancestors; script-src

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

no-cache, private

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

core_session=eyJpdiI6IjFxTFIxdktVOFNtNkpTNzJGKytNV2c9PSIsInZhbHVlIjoiS1VIc2FjOEZBdys0QUNia1lkNWZvWTlIVDFuclNLTnNpckYxQWVWTEdMeW0xSXkyNUZPYzhPWi9SNzhHWjF0bTR2Rys3cWVHUW1DVmQ3VlpoUE9jc2dpRnJXbzlhK1VyUUxRc3BxUW5XRmJ2SmRxMzhaYjFYWnVIMWRuRWgwUnQiLCJtYWMiOiJiNWJiNzZkYjlkZWE2MjM3NWZkNjI1ZjNiZDU0NGRiMDYwOGYzZmMxODgwNDNkZjVmZDQ2MGY5MTU0NmU0MGQ0IiwidGFnIjoiIn0%3D; expires=Mon, 26 Jan 2026 03:46:49 GMT; Max-Age=648000; path=/; domain=.corebook.io; secure; httponly; samesite=lax

Other Headers

1 headers

Date

Other

Sun, 18 Jan 2026 15:46:49 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance