Open
Cached
·
just now
13
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
2 headers
Age
Caching
0
Cache-Control
Caching
private
Content Headers
2 headers
Content-Length
Content
2659
Content-Type
Content
text/html; charset=iso-8859-1
Server Headers
1 headers
Server
Server
ATS
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
3 headers
Date
Other
Thu, 20 Nov 2025 12:39:20 GMT
P3p
Other
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Envoy-Upstream-Service-Time
Other
1
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 146ms