Open
Cached
·
just now
30
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Vary
Accept-Encoding,Origin,X1-Bilispy-Color
connection: close vary: Accept-Encoding,Origin,X1-Bilispy-Color
Caching Headers
Age
0
Cache-Control
max-age=60
Etag
f327b7cfe47b938759c4f1fae2d10429
Expires
Tue, 12 May 2026 00:18:28 GMT
Last-Modified
Wed, 16 Oct 2024 02:40:02 GMT
age: 0 cache-control: max-age=60 etag: f327b7cfe47b938759c4f1fae2d10429 expires: Tue, 12 May 2026 00:18:28 GMT last-modified: Wed, 16 Oct 2024 02:40:02 GMT
Content Headers
Content-Length
5641
Content-Md5
8ye3z+R7k4dZxPH64tEEKQ==
Content-Type
text/html; charset=utf-8
content-length: 5641 content-md5: 8ye3z+R7k4dZxPH64tEEKQ== content-type: text/html; charset=utf-8
Server Headers
Server
Tengine
server: Tengine
CORS Headers
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Origin,No-Cache,X-Requested-With,If-Modified-Since,Pragma,Last-Modified,Cache-Control,Expires,Content-Type,Access-Control-Allow-Credentials,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Cache-Webcdn,X-Bilibili-Key-Real-Ip,X-Upos-Auth,Range
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,X-Cache-Webcdn,Content-Type,Content-Length,Content-Md5,X-Bili-Trace-Id
access-control-allow-credentials: true access-control-allow-headers: Origin,No-Cache,X-Requested-With,If-Modified-Since,Pragma,Last-Modified,Cache-Control,Expires,Content-Type,Access-Control-Allow-Credentials,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Cache-Webcdn,X-Bilibili-Key-Real-Ip,X-Upos-Auth,Range access-control-allow-methods: GET, POST, OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length,X-Cache-Webcdn,Content-Type,Content-Length,Content-Md5,X-Bili-Trace-Id
Cookies Headers
Other Headers
Ali-Swift-Global-Savetime
1778516273
Code
200
Date
Mon, 11 May 2026 16:17:53 GMT
Eagleid
2ff6179c17785162726266959e
Timing-Allow-Origin
*
Via
ens-cache5.l2us4[737,737,304-0,H], ens-cache14.l2us4[739,0], ens-cache15.us22[746,762,200-0,H], ens-cache8.us22[768,0]
X-Amz-Request-Id
1778443244200929630
X-Amz-Version-Id
v1.0.0
X-Bili-Trace-Id
0d6770697e6470f040a03c82776a0201
X-Cache
HIT TCP_REFRESH_HIT dirn:5:309190229
X-Hyper-Traffic-Cache-State
hit
X-Swift-Cachetime
3600
X-Swift-Savetime
Mon, 11 May 2026 16:17:53 GMT
ali-swift-global-savetime: 1778516273 code: 200 date: Mon, 11 May 2026 16:17:53 GMT eagleid: 2ff6179c17785162726266959e timing-allow-origin: * via: ens-cache5.l2us4[737,737,304-0,H], ens-cache14.l2us4[739,0], ens-cache15.us22[746,762,200-0,H], ens-cache8.us22[768,0] x-amz-request-id: 1778443244200929630 x-amz-version-id: v1.0.0 x-bili-trace-id: 0d6770697e6470f040a03c82776a0201 x-cache: HIT TCP_REFRESH_HIT dirn:5:309190229 x-hyper-traffic-cache-state: hit x-swift-cachetime: 3600 x-swift-savetime: Mon, 11 May 2026 16:17:53 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance