Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; font-src; form-action; +11 more
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.umantis.com; img-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev tracker.switch.ch; frame-src 'self' *.youtube.com *.vimeo.com *.switch.ch; media-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.ytimg.com; script-src-elem 'self' 'unsafe-inline' *.switch.ch tracker.switch.ch; script-src 'self' report-sample 'unsafe-inline' 'unsafe-eval'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
5 headers
Age
Caching
0
Cache-Control
Caching
no-cache
Etag
Caching
"693c1b63-59"
Expires
Caching
Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified
Caching
Fri, 12 Dec 2025 13:40:51 GMT
Content Headers
2 headers
Content-Length
Content
89
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Cache-Status
Other
MISS
Date
Other
Fri, 12 Dec 2025 21:19:23 GMT
X-Azure-Ref
Other
20251212T211923Z-r18fbf757c94wcxfhC1BL1zfzs00000001r000000000255n
X-Cache
Other
CONFIG_NOCACHE
X-Uri
Other
//index.html
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1009ms