Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"02a77054516025305ac0d448edb9e317"
Content Headers
2 headers
Content-Length
Content
10576
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Runtime
Server
0.028216
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_refcometeams_session=c9e2859706f3f308ad4d1d092a5aa16b; domain=.refcome.team; path=/; expires=Thu, 19 Feb 2026 01:34:12 GMT; secure; HttpOnly
Other Headers
4 headers
Date
Other
Tue, 20 Jan 2026 01:34:12 GMT
Link
Other
<https://www.googletagmanager.com/gtag/js?id=G-2FQRSKGLQ4>; rel=preload; as=script; nopush,<https://assets-v2.refcome.team/assets/application-806f9f380ad45849f746.css>; rel=preload; as=style; nopush,<https://fonts.googleapis.com/icon?family=Material+Icons>; rel=preload; as=style; nopush,<https://fonts.googleapis.com/icon?family=Material+Icons+Outlined>; rel=preload; as=style; nopush,<https://assets-v2.refcome.team/assets/application-806f9f380ad45849f746.js>; rel=preload; as=script; nopush,<https://assets-v2.refcome.team/assets/ja-806f9f380ad45849f746.js>; rel=preload; as=script; nopush
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
dd27570f-0a08-429c-8b55-80eef5ac86ae
Recommendations
Enable compression (gzip/brotli) to improve performance