HTTP Headers Analysis for https://shop.yango.com

Detected Technologies from Headers

See all in URL Inspect 2

Yandex

Yandex Tools

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

connect-src; script-src; img-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

Close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch

connection: Close
transfer-encoding: chunked
vary: Accept-Encoding, RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

cache-control: private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _yasc=gk9EwZvv7OmSiH/jxEct5S9Pxomg0ZeNSZldu5/FOArXAhbSfQt9jdXQQiKbzXC5; domain=.yango.com; path=/; expires=Wed, 30 Apr 2036 22:29:41 GMT; secure
i=ertvpOxbxemGXLErpSlhdQCZEtxfQkIt9ObneFRyc0gunpAzNeb5aWfYvi35RM4v/deTvkZJPYnHOSDGKCqUJ6ZaVTU=; Expires=Tue, 02-May-2028 22:29:41 GMT; Domain=.yango.com; Path=/; Secure; HttpOnly
yandexuid=5016580601777847381; Expires=Tue, 02-May-2028 22:29:41 GMT; Domain=.yango.com; Path=/; Secure
yashr=6865131881777847381; Path=/; Domain=.yango.com; Expires=Mon, 03 May 2027 22:29:41 GMT; Secure; HttpOnly

Other Headers

Date

Other

Sun, 03 May 2026 22:29:42 GMT

X-Next-Page-Name

Other

main

X-Yarequest-Id

Other

fbfb8d2eda78fd0eaa5103c270a86866

X-Yaspanid

Other

b0b13ecd7deae166

X-Yatraceid

Other

32ccc66c86400fcecf2ded509be84585

date: Sun, 03 May 2026 22:29:42 GMT
x-next-page-name: main
x-yarequest-id: fbfb8d2eda78fd0eaa5103c270a86866
x-yaspanid: b0b13ecd7deae166
x-yatraceid: 32ccc66c86400fcecf2ded509be84585

Recommendations

Enable compression (gzip/brotli) to improve performance