13
Headers
HTTP Security Headers

| Header | Status | Value |
|---|---|---|
| Strict-Transport-Security | Present | max-age=31536000; preload |
| Content-Security-Policy | Weak | upgrade-insecure-requests |
| X-Frame-Options | Missing | Not configured |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Good | strict-origin-when-cross-origin |
| Permissions-Policy | Present | geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() |

Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Significantly strengthen CSP directives
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
1 header
Cache-Control
Caching
no-cache, private
Content Headers
1 header
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 header
Server
Server
Caddy
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
XA6dUprc0nAYR0741pDWwKd7aph8g9qMqehZ7Qhc=eyJpdiI6IlFVa2dEUTRKK05GVzBsV3BMYkhtT2c9PSIsInZhbHVlIjoiQXoxSC85U3dYajcwMlBhZThialVjVm45N01YZXc2Y01uQ3JrOHJQRk9nUk1rSldybVhLY0tsU2dHWm9rRzVRVFFWQzRNK21qOEdPUXdUWWdUZGZqU0dTa0kwd2hza2FGdW9yVVZsQjloN0pjOVMwaFdoaEwycUZyZ2pVWEYzeVI2UkkyOUVtVW9Idzk2VEdsckQ5d0s4ZXIwbWpXand3eHNCTHNTd1RiR1QwYW1VcHBtYWJCeG9LNS9RZ0lQRzZaWUNTaHVYWCtzNHRsUHV2Z0MwMTZwdG1KeHc0SklleGwvUG4yU3RTN09laFlwalJpdUVRUjZOSjhxTGQ1NGRvR3RORVZvWno1NW5lS1pZcHkya3VqM1VjaC95TE5HVXF4djZ2dlRlK3lqREFoV29JeERYQ3FYTTdrSU5aZFhSMnNYRjA3ckxYM1VPNExhRXQ5SHdZU3VXczNQOThPb09NakdJWkEraERzMk1zMElEZm1iV0VHWXdmZnYwdFBHSDJCIiwibWFjIjoiNGMyYmM5N2U4YmE1MzI0Yjc4ZTkyMDdlOTE2NmRjODlhYzE5MmM2MTUzZGM4ZWQxMjU4NTdhZjczNTUxN2E0MyIsInRhZyI6IiJ9; expires=Thu, 01 Jan 2026 18:23:50 GMT; Max-Age=604800; path=/; secure; httponly; samesite=lax
Other Headers
1 header
Date
Other
Thu, 25 Dec 2025 18:23:50 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 555ms