HTTP Headers Analysis for https://oogarden.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; base-uri; connect-src; +11 more

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(self), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(self), keyboard-map=(),magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

1 headers

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Cache-Control

Caching

no-store, must-revalidate, no-cache, max-age=0, private

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

datadome=rpHXjaLSCNnT~9fZ_lcFj1YUwfNqElrJ5rZBVT_ze3~Zdm_m1A3PPr7Y1RyVa0MntlYahrnvB~LSTLfLTMsHuVfQ3GZpknY42VQkeP5t1OHrKML4qVhYsxFaNd7QBIsl; Max-Age=31536000; Domain=.oogarden.com; Path=/; Secure; SameSite=Lax