Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src; font-src; img-src; +6 more
default-src 'self' https:; font-src 'self' https: data: https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://maxcdn.bootstrapcdn.com; connect-src 'self' https://*.yottaa.com https://*.yottaa.net https://api.clickatell.com https://*.nr-data.net https://www.google-analytics.com; frame-src 'self' https://*.yottaa.com; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=f7Umj7eBJXApfA
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"b162db7be4511ecfeb216bc10fafeb32"
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
3 headers
Server
Server
nginx + Phusion Passenger 6.0.1
X-Powered-By
Server
Phusion Passenger 6.0.1
X-Runtime
Server
0.010704
CORS Headers
1 header
Access-Control-Allow-Origin
CORS
*
Cookies Headers
1 header
Set-Cookie
Cookies
_yottaa_permissions=zqhY0FmnP9uqLTpvhj5j1qoSRneQWzIcXHkonAubgmNL5H6S7CEX%2FzedGoHiE2kOFNpI9%2FeKnlj5ac4jfXMYu8vJgqRK0IobyJFYTD8gF15B7L7YzvWE7NQI8KNAi8AkbY87xubi3mK6Jg1tZQJYXZBc9GKrCJMSWPH1p7Id2uwEiHHgVqZnaLMPHiUJhqlW%2BWdrB3zLKXnVMeR4U7pgsA%3D%3D--ZivQc90jGvam%2Bz6A--JPifjQHsi9pinN6hU9TUvw%3D%3D; domain=.yottaa.com; path=/; secure; HttpOnly
Other Headers
6 headers
Access-Control-Request-Method
Other
*
Date
Other
Wed, 31 Dec 2025 04:35:13 GMT
Status
Other
200 OK
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
0ec2340a-274d-4c23-81ae-158f4ccc4d1a
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology