HTTP Headers Analysis for https://samson3.nnis.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for support.nivius.com, not for samson3.nnis.com

Open Cached · just now

17 Headers

Detected Technologies from Headers

See all in URL Inspect 3

Nginx

Vimeo

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

base-uri; default-src; font-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

No performance headers found

Caching Headers

Cache-Control

Caching

no-store

Etag

Caching

W/"fe5c9bc5fc8137b74f556765261d5fb0"

cache-control: no-store
etag: W/"fe5c9bc5fc8137b74f556765261d5fb0"

Content Headers

Content-Length

Content

3157

Content-Type

Content

text/html; charset=utf-8

content-length: 3157
content-type: text/html; charset=utf-8

Server Headers

Server

nginx

X-Runtime

Server

0.033474

server: nginx
x-runtime: 0.033474

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

set-cookie: _zammad_session_a138cfd0f37=10602b01f57fcdf3579327ba369d70fa; path=/; secure; HttpOnly

Other Headers

Csrf-Token

Other

HaZRHkB8IMoSgaJdlpRDlFi3-R6p16GjnbnwWaOh8B4dF7erxhWDJi_8ByeIN3utjgVtDVgnCYxTFLTB2PIIDA

Date

Other

Mon, 30 Mar 2026 17:02:03 GMT

Link

Other

URL /assets/application-58fcf0ae10335b38d2973f93902b993866f3e9acc8030bb1aefd60c126174d21.css

rel=preload as=style nopush

URL /assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css

rel=preload as=style nopush

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

e0afaadf-aaf4-4748-83c8-a207bf80292a

csrf-token: HaZRHkB8IMoSgaJdlpRDlFi3-R6p16GjnbnwWaOh8B4dF7erxhWDJi_8ByeIN3utjgVtDVgnCYxTFLTB2PIIDA
date: Mon, 30 Mar 2026 17:02:03 GMT
link: </assets/application-58fcf0ae10335b38d2973f93902b993866f3e9acc8030bb1aefd60c126174d21.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
x-permitted-cross-domain-policies: none
x-request-id: e0afaadf-aaf4-4748-83c8-a207bf80292a

Recommendations

Enable compression (gzip/brotli) to improve performance