Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; img-src; script-src; +2 more
default-src 'unsafe-inline' https:; img-src 'self' data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: data: blob:; font-src * data: blob:; frame-src 'self' https://storymaps.arcgis.com/ https://status.nearmap.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https:;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding,Origin
Caching Headers
2 headers
Age
Caching
31
Cache-Control
Caching
public, max-age=60, stale-while-revalidate=60
Content Headers
2 headers
Content-Length
Content
428353
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
13 headers
Date
Other
Thu, 29 Jan 2026 06:03:09 GMT
Link
Other
<https://www.nearmap.com/static/_next/static/media/baf189c215c76387-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://www.nearmap.com/static/_next/static/media/bd5cb8d9c6fd6413-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://www.nearmap.com/static/_next/static/media/f7e28de6d6bf52b7-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
Via
Other
1.1 63560dd3f856b0f7bfe68a0cad46924a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
X-Amz-Cf-Id
Other
5nBVSnWtaIDav6yiF2U4n8mbwOZXijtuTYcwvioQ_ABsW-tb_WkyMw==
X-Amz-Cf-Pop
Other
SEA900-P9
X-Amzn-Remapped-Connection
Other
keep-alive
X-Amzn-Remapped-Date
Other
Thu, 29 Jan 2026 06:02:38 GMT
X-Amzn-Requestid
Other
c5c64d28-e88f-46c7-8797-f6556d6c4a5c
X-Amzn-Trace-Id
Other
Root=1-697af7fe-4b7a13e313964b6003303cc9;Parent=3065eadb54b277a3;Sampled=0;Lineage=1:ca9b16fd:0
X-Cache
Other
Miss from cloudfront, HIT, MISS
X-Cache-Hits
Other
1, 0
X-Served-By
Other
cache-bfi-kbfi7400074-BFI, cache-ewr-kewr1740088-EWR
X-Timer
Other
S1769666589.018222,VS0,VE69
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology