HTTP Headers Analysis for https://secure.lilt.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

require-trusted-types-for; report-uri

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, max-age=0, must-revalidate

Expires

Caching

Mon, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

1740

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

GSE

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__Host-GAPS=1:W6BQgubcNjPT_MTqs5mO82qXgp_i8w:loisXd6HvwL1kKAc;Path=/;Expires=Mon, 27-Dec-2027 19:39:51 GMT;Secure;HttpOnly;Priority=HIGH

Other Headers

6 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Cross-Origin-Opener-Policy-Report-Only

Other

same-origin; report-to="coop_gse_qebhlk"

Date

Other

Sat, 27 Dec 2025 19:39:51 GMT

Location

Other

https://accounts.google.com/v3/signin/identifier?opparams=%253Fopenid.realm%253Dhttps%25253A%25252F%25252Fapp.sendsafely.com%25252Fauth%25252Fgoogle%25252F%25253Faction%25253DauthReturn%2526hd%253Dlilt.com&dsh=S-1456834395%3A1766864391922248&client_id=1038922135064-ircl84vhei47ndqime5snkgca4j924bm.apps.googleusercontent.com&hd=lilt.com&o2v=2&redirect_uri=https%3A%2F%2Fapp.sendsafely.com%2Fauth%2Fgoogle%2F%3Faction%3DauthReturn&response_type=code&scope=openid+email&service=lso&state=rMZux_eRZ3-kbxYfEG0QQlvzzRCYrGVlzxZUCEt05dE&flowName=GeneralOAuthLite&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAM2AIHWT9-SiuzFPpUYFqEAjI84ZrvlgqJq339loxu1j2oEhmd-UJkljM3yPCgc0Wb-pONHI3yCURqoZo_Iv55iks6O9baTRn4caUBKOtITHYnWYESKQcuGgUG2vQW-hQyv_WP2TQP8ss0xZSAJRhThf4zkd58fv_RWzwp3DPOORbJI7GIRqD0I7xDxRPY-92t-u6G1ZrhfFnIRyzs7tNL4crSNTtatHWe0FKaSQu3I3kVYpK5Xk0FQf0gIpw4Vm2sxPSA2CudgH2MqopnZB9TRWf1jpHTt7-NeshbxGq8dekUbFXCpfdhqwhNA72EIS7GXBpQD3d6XgqEYHDQGDFeeBYs3GOBXNWM1dzVKHdXsfMO3BW-5SWhW9v045LqzxhvZduETjyUj-9kjdAd1GjgSM8u-_ObMJ2q-Xqknm5SjEFhnKSLdqpgeRcKHmyBB472q-186pisH9VeIAnZeMuYyq3sSTA%26flowName%3DGeneralOAuthFlow%26as%3DS-1456834395%253A1766864391922248%26client_id%3D1038922135064-ircl84vhei47ndqime5snkgca4j924bm.apps.googleusercontent.com%23&app_domain=https%3A%2F%2Fapp.sendsafely.com&rart=ANgoxce0HwG5KmP545yu1HPJPDSgGlF6zBUx7WMROcpoFLGbq2qxfb--t_BdVrpjhuB4zDlKoIHZ2oBpXa2H6n4Qx_xe5F9bRQHdHZWoXWLjcVoux8erdzg

Origin-Trial

Other

Ajo6ZZxoPufZZ6x0UgjawhB/adBJ+tLG7aX1MO8kWVCTHdOVSlY4OjhBhzivzulNh6ikNKRnwxwK18EvUu6aOgcAAABteyJvcmlnaW4iOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IldlYlZpZXdYUmVxdWVzdGVkV2l0aERlcHJlY2F0aW9uIiwiZXhwaXJ5IjoxNzU4MDY3MTk5fQ==

Report-To

Other

{"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}

Recommendations

Enable compression (gzip/brotli) to improve performance