Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; style-src; +4 more
default-src 'self' *.pbs.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pbs.org *.googlesyndication.com *.adtrafficquality.google adservice.google.com adservice.google.co.in connect.facebook.net fundingchoicesmessages.google.com *.2mdn.net *.nr-data.net sb.scorecardresearch.com securepubads.g.doubleclick.net www.google-analytics.com analytics.google.com www.googletagmanager.com *.googletagservices.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org www.redditstatic.com alb.reddit.com analytics.tiktok.com s.pinimg.com *.ketchcdn.com *.ketchjs.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.pbs.org *.ketchcdn.com *.ketchjs.com; img-src 'self' blob: data: *.pbs.org *.doubleclick.net *.cookielaw.org *.googlesyndication.com *.adtrafficquality.google sb.scorecardresearch.com www.googletagmanager.com www.facebook.com graph.facebook.com platform-lookaside.fbsbx.com *.2mdn.net *.agkn.com *.fbsbx.com *.fbcdn.net www.google-analytics.com www.google.com *.googleusercontent.com tags.w55c.net www.redditstatic.com alb.reddit.com analytics.tiktok.com ct.pinterest.com impressions.onelink.me *.ketchcdn.com *.ketchjs.com; connect-src 'self' *.pbs.org *.pbs.org:7000 *.pbs.org:3000 *.localhost:3010 *.localhost:3020 *.localhost:3030 *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.2mdn.net *.nr-data.net *.eloqua.com *.cookielaw.org *.onetrust.com csi.gstatic.com fundingchoicesmessages.google.com www.google-analytics.com analytics.google.com www.redditstatic.com alb.reddit.com analytics.tiktok.com ct.pinterest.com *.sentry.io *.ketchcdn.com *.ketchjs.com; frame-src 'self' *.pbs.org player.localhost:8080 *.doubleclick.net *.2mdn.net *.googlesyndication.com *.googleadservices.com *.adtrafficquality.google www.facebook.com www.google.com *.googletagservices.com *.youtube.com ct.pinterest.com *.ketchcdn.com *.ketchjs.com; upgrade-insecure-requests;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
rsc,next-router-prefetch,Accept-Encoding,Cookie
Caching Headers
1 headers
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
text/html; charset=utf-8
Server Headers
2 headers
Server
CloudFront
X-Powered-By
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
pbsol.station_id=92d89794-5ff0-4fe6-a443-cc888104e021; Path=/; Expires=Wed, 03 Feb 2027 06:20:38 GMT; Max-Age=30585600; Domain=.pbs.org; Secure; SameSite=none
Other Headers
6 headers
Date
Sat, 14 Feb 2026 06:20:38 GMT
Link
</_next/static/chunks/dbcf32df02494b93.css>; rel=preload; as="style", </_next/static/chunks/ba8027c92e8a8f69.css>; rel=preload; as="style", </_next/static/chunks/f39efda1a74cffd0.css>; rel=preload; as="style", </_next/static/chunks/dae3333ae51e14ce.css>; rel=preload; as="style"
Via
1.1 e8ac579de7fc88986153d8653adf92fc.cloudfront.net (CloudFront)
X-Amz-Cf-Id
zkkPoHGJqRYmxGvv1fxBfl-gH3m2Z-1QKmeD3mfIy2pW3JuAQHwM7g==
X-Amz-Cf-Pop
IAD55-P9
X-Cache
Miss from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology