Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000;includeSubdomains;preload
Content-Security-Policy
Basic
default-src; script-src; worker-src; +7 more
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru connect.ok.ru https://connect.ok.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru *.adtrafficquality.google; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
no-store
Expires
Caching
Mon, 26 Jul 1997 05:00:00 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html;charset=UTF-8
Server Headers
1 headers
Server
Server
kittenx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ss_wb=pa0Iey4j8P-8HD9LJhuB4P2DaQRUD9RmhfxOAFr0ecvRLgR7T6lMECnTG9TGdLeNTZAQFA_Io1U-R2h2B3s9CggrIcbjoxa2Cw; Secure; Max-Age=86400; HttpOnly; SameSite=None; Domain=ok.ru
Other Headers
11 headers
Content-Security-Policy-Report-Only
Other
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
Date
Other
Tue, 13 Jan 2026 02:45:08 GMT
Fetchedall
Other
true
Link
Other
<//st-ok.cdn-vk.ru/res/js/stringUtils-o0ehtgie.js>; as=script; rel=preload,<//st-ok.cdn-vk.ru/res/js/dateTimeUtils-lfh1150m.js>; as=script; rel=preload
Rendered-Blocks
Other
HtmlPage
Server-Timing
Other
tid;desc="vCWxKQ-rpbryn8BV0GD07TuoyKeB0Q",front;dur=67.146
X-Client-Flags
Other
ms:0;dcss:0;mpv2:1;dz:0
X-Sct
Other
true
X-State
Other
st.cmd=anonymMain
X-Stateid
Other
anonymMain
X-Trace-Id
Other
vCWxKQ-rpbryn8BV0GD07TuoyKeB0Q
Recommendations
Enable compression (gzip/brotli) to improve performance