Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
script-src; style-src; font-src; +7 more
script-src 'self' 'unsafe-inline' http: https: 'strict-dynamic' 'sha256-XXdWM2WyPnxdbGkabhd+Z0MHKdvjaIHjYBIqwpQQv9E=' 'sha256-R/CAGqFl6mgfyijXO4RVSoiPYelEM4FX6oiLbfIAhQ8=' 'sha256-Z/J+GXilQFq6xrxWRqMxEnjc9k+nD3SWlIhWtr/920o=' 'sha256-eaRhvxD1NyP8b9GsCnJn4shBsc7mJmqH8vusmC6VJrs=' 'sha256-lntt6xwZpMVJD8VYW4eiAJ6xx2lnIJitf2UHpoGi0r4=' 'sha256-fXqLUxXmGwpGKtsYWnJpcKsGVP4HSMcgf7lJ7MyHH14=' 'sha256-joyT0JY+3pg0x0afWFhvdzpsiOK2776/uMg84LC6EvI=' 'sha256-7/kGkJ/C+zOQs9RIR7/mmCX/9vxizdkNyhfWZ9RrED8=' 'sha256-3y6eCoF9CIEEhO67XqsZ7M6MzF//H2wyLNfv2me4y58=' 'sha256-ud+QK5J6OdjjqzQ2P71U6t1zUSLuNtgqn1V3PLW7SwQ=' 'sha256-9Bvv8I2N4xw3HoOKK9Ii3aaJWQ/CZBGkMI9+Oe+ulk4=' 'sha256-1mLCVIo6B32kIwdKufe2wyxdb1SqsKDO1HHR15fZMnU=' 'sha256-+uI0OYIdAPAx3/jL/GjKHIEamKRZT9pNL4MGZwO/bxk=' 'sha256-+AgYve4bYhF3MT2CBBrqbO8vPhA8Iu+h1osZ0xpJ/d4=' 'sha256-Z/t/BIMaLjizflJUbtyDXwjEAvBAy2E25xzCRtAmEFg=' 'sha256-8ccag4QwZnvjGJ7OG1O2tiS3KsUbk42lOyiGEFZYeIE=' 'sha256-FGVjZUPREzG2eIadkdV2dwDsg0JHH2q3vGK8vWywQlo=' 'sha256-ddcAnDtcSpCy6oPu0VjWkmt/Qp7uLgIp+fPZG89I7jY=' 'sha256-QCTEFGFLFylfBp+Bm/KpUlHRRpGVuGkls0kkmh7FYr8=' 'sha256-29Sq9YSa7tKW6XHDPpUgrVO1mLUTjsIaFQDyq1K6Or4=' 'sha256-xbQmtG6w61ivvPsp1j2ylmBFe7I7x0BpkKvhBHZcJII=' 'nonce-LYkP4H1nDJnON9v2icoBEQ=='; style-src 'self' https: http: 'unsafe-inline'; font-src 'self' https: http:; connect-src 'self' www.google.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net maps.googleapis.com *.waze.com *.wikipedia.org clouderrorreporting.googleapis.com; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com www.gcp.wazestg.com www.waze.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; object-src 'none'; base-uri 'self'; default-src 'self'; img-src 'self' data: https: http: data:; report-uri https://csp.withgoogle.com/csp/wazelivemap/20251118_experiment
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=600, public
Etag
Caching
W/"e29b-nPLMlY1uQAF4qsUf0S+iR6hbBOQ"
Content Headers
2 headers
Content-Length
Content
58011
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Google Frontend
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Alt-Svc
Other
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy-Report-Only
Other
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe;
Date
Other
Wed, 19 Nov 2025 18:00:55 GMT
Via
Other
1.1 google
X-Cloud-Trace-Context
Other
8fe37355c3bfe413bcfdf0e87f899735/12538124677122496290
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Waze-Name
Other
livemap
X-Waze-Service
Other
waze-livemap-prod/livemap-00084-cc6
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 550ms