Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; img-src; font-src; +8 more
default-src 'none'; img-src 'self' data: https://storage.googleapis.com https://*.com https://*.atme.hk https://*.atme.ae https://maps.gnosis.earth blob: https://*.com https://*.atme.hk https://*.atme.ae https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self'; connect-src 'self' https://*.com https://*.atme.hk https://*.atme.ae https://maps.gnosis.earth https://www.google.com/recaptcha/ https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.ahrefs.com; script-src 'self' 'unsafe-inline' https://t.atme.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://analytics.ahrefs.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://api.sumsub.com; style-src 'self' 'unsafe-inline'; form-action 'self'; manifest-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
envoy
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
device=b9df2c25-1e33-4bc6-8065-13fcabeb2c27; Path=/; Expires=Tue, 12 Jan 2027 00:00:00 GMT; Secure; HttpOnly; SameSite=lax
Other Headers
7 headers
Accept-Ch
Other
Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile
Alt-Svc
Other
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Date
Other
Mon, 08 Dec 2025 15:58:55 GMT
Link
Other
</_next/static/media/0ba443039d62fc5b-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/b261c59b2d76913d-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/e4af272ccee01ff0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://static.atme.com/BHATME/atme-logo.svg>; rel=preload; as="image"
Via
Other
1.1 google
X-Call-Id
Other
58b8d0e8-9fea-491b-8d8a-7cb3eff274e4
X-Envoy-Upstream-Service-Time
Other
18
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 452ms