Headers
| HTTP Security Headers | Status | Value |
|---|---|---|
| Strict-Transport-Security | Present | max-age=31536000; preload |
| Content-Security-Policy | Weak | upgrade-insecure-requests |
| X-Frame-Options | Missing | Not configured |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Good | strict-origin-when-cross-origin |
| Permissions-Policy | Present | geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() |
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Significantly strengthen CSP directives
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
2 headers

| Header | Category | Value |
|---|---|---|
| Connection | Performance | close |
| Transfer-Encoding | Performance | chunked |
Caching Headers
1 header

| Header | Category | Value |
|---|---|---|
| Cache-Control | Caching | no-cache, private |
Content Headers
1 header

| Header | Category | Value |
|---|---|---|
| Content-Type | Content | text/html; charset=UTF-8 |
Server Headers
1 header

| Header | Category | Value |
|---|---|---|
| Server | Server | Caddy |
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header

| Header | Category | Value |
|---|---|---|
| Set-Cookie | Cookies | dktf9WgOrwAzaDayb9XhIrgtKzGOc7Qpf0YoVAw0=; expires=Thu, 15 Jan 2026 01:35:21 GMT; Max-Age=604800; path=/; secure; httponly; samesite=lax |
Other Headers
1 header

| Header | Category | Value |
|---|---|---|
| Date | Other | Thu, 08 Jan 2026 01:35:21 GMT |
Recommendations
Enable compression (gzip/brotli) to improve performance