Open
Cached
·
just now
13
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; preload
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
1 headers
Cache-Control
Caching
no-cache, private
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
Caddy
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
LkEnGTPEtkG3qUxJ8zXE1vOtD6kPMceqTqxeLBh4=eyJpdiI6IkR0Q1RhOXJJY2RhOEhUVkt3RVVqZGc9PSIsInZhbHVlIjoiUGppdGlkOUloS0N2OUhrNGtHck5GVm1tUFJZbDk1MkY2TDRIS0thd00yMDEvLzhOelhRZ3ZQL0ZVUEdlaG5tQkg3YVhxaDFKYm5RM1hPbm53aGhDK1FYZHNGMlRDdjBnUTBvZ0k1M3kyelpYekJZQ2VWOG9jdzluVGwrbnRDNzdmTSszV3RuQVdMTkpGRFg2TUV1M1hndTlJSW9tL2dscis4cXJuZlNJdE5IZm9ISjJMODB5NFhldHd6NTBiejA3YlB0aGlLMTRFZS9mNkVncHlHUzJoZUFlOEdaNUdaREMzZlorMU1ZSUxKeDBCWTRrYXluU2h2T3hMWXBxbEI2aDh0RnFpMmRwMTJ0VDZacUdjVDB2VmpoTms1K1dROUxxLzcwWlBUK25MSzNxNjlFdHJxbmtJaTgvTzBhK3JCaGd2TGFnbUx5OUt5MFc1aW5kcjA2ayt0RWUzMTg0Um1SUDQ2WmhDV0w5eVA0M1l1bzg3YllvVExZT1gzMUVnajl4IiwibWFjIjoiZjNlYzA5MTUzZjkzMzY3YWRkYTI3ZmNjZmFlZTY4MDcyZTU5ODU4NjExN2FhOGFjZDllY2I5NDFiOGIzY2FjYiIsInRhZyI6IiJ9; expires=Mon, 05 Jan 2026 13:59:06 GMT; Max-Age=604800; path=/; secure; httponly; samesite=lax
Other Headers
1 headers
Date
Other
Mon, 29 Dec 2025 13:59:06 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 664ms