Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains;
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"3b0bf3ccbeafe023168e0d603e0e14f0"
Content Headers
2 headers
Content-Length
Content
64798
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
nginx
X-Runtime
Server
0.018043
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_prefinery_session=Xk7AUTtZAylC1uV%2F%2FuoKOjyIEoMmq2kmWKYMBdceZbLoNiidmsFmg5Hz7EiQqRNSwGRy01r3WfHuPv5Dx7do07kENpeNYsOJSBA5aNEaOFlPQEmoeNc8ncofFyL0MQKGzkyJVx6Y0cDCyQ9wZXYwtgY4j2JpV2h6e3AIsrX1fg8I6oyE3GUs5Y0MP29x1e864yBwWkJE6x1qBy5EIKt3CvbPOWOQP7KWgvfQPpB%2FV%2B7wjNCO7jsXeI0okRqE3p1fCh%2FcXr%2FBg7e%2B3VSJ9iBgZJM0BZBiPm4gyO8%3D--CMcV%2Bdwd7Q3fCPBd--71Zv1Pb2%2BMpTHFAnM056HA%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
Other Headers
10 headers
Date
Other
Mon, 24 Nov 2025 15:08:57 GMT
P3p
Other
policyref="/w3c/p3p.xml", CP="ALL DSP COR NID OUR"
Via
Other
1.1 e4c06b6e6eb895470e2fd65bbc93b3b6.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
UkGdE6f3Hh91XC0lpqXavEVYywbXhJfy78wck5LbxvnQzv0EjXZPQg==
X-Amz-Cf-Pop
Other
IAD79-C3
X-Cache
Other
Miss from cloudfront
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Rack-Cache
Other
miss
X-Request-Id
Other
368e8623-1813-4d2b-8b63-cd3a64b4ea09
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 113ms