Open
Cached
·
just now
20
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=86400
X-Frame-Options
Present
sameorigin, sameorigin
X-Content-Type-Options
Present
nosniff, nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close, Transfer-Encoding
Transfer-Encoding
chunked
connection: close, Transfer-Encoding transfer-encoding: chunked
Caching Headers
Cache-Control
max-age=0, no-cache, no-store
Expires
Tue, 17 Feb 2026 06:21:26 GMT
Pragma
no-cache
cache-control: max-age=0, no-cache, no-store expires: Tue, 17 Feb 2026 06:21:26 GMT pragma: no-cache
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
No server headers found
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Tue, 17 Feb 2026 06:21:26 GMT
X-Akamai-Transformed
0 374093 0 -
X-Cache-Ability
uncacheable
X-Envoy-Upstream-Service-Time
238
X-Full-Ttl
300.000
X-Hits
0
X-Status
miss
X-Varnish
276172054
X-Vcl-Version
NBA.com prod 1.7b
date: Tue, 17 Feb 2026 06:21:26 GMT x-akamai-transformed: 0 374093 0 - x-cache-ability: uncacheable x-envoy-upstream-service-time: 238 x-full-ttl: 300.000 x-hits: 0 x-status: miss x-varnish: 276172054 x-vcl-version: NBA.com prod 1.7b
Recommendations
Enable compression (gzip/brotli) to improve performance