Open
Cached
·
just now
28
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Weak
max-age= 63072000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; script-src; style-src; +11 more
default-src 'self' elca.ch *.elca.ch sumex.ch *.sumex.ch *.crazyegg.com; script-src 'self' 'nonce-MWVlMDU2YWEtN2ZkZC00ZDA2LWFmZmYtNzYyMTVjZDg1Y2Ex' 'strict-dynamic' 'unsafe-inline' *.crazyegg.com https://*.googletagmanager.com http: https: https://www.gstatic.com; style-src 'self' *.crazyegg.com 'unsafe-inline'; img-src 'self' elca.ch *.elca.ch sumex.ch *.sumex.ch *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com blob: data: https://cdn.addevent.com; connect-src 'self' elca.ch *.elca.ch sumex.ch *.sumex.ch *.crazyegg.com https://script.crazyegg.com https://vimeo.com https://consentcdn.cookiebot.com https://elcawebsites.matomo.cloud https://elcamarketing.azurewebsites.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api/siteverify http://httpproxy:3128; frame-src 'self' elca.ch *.elca.ch sumex.ch *.sumex.ch *.crazyegg.com https://player.vimeo.com https://www.google.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/; font-src 'self' data:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' elca.ch *.elca.ch sumex.ch *.sumex.ch; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
fullscreen=*, microphone=(), geolocation=(), camera=(), bluetooth=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding
Caching Headers
1 headers
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
text/html; charset=utf-8
Server Headers
1 headers
Server
NA
CORS Headers
1 headers
Access-Control-Allow-Origin
https://www.sumex.ch
Cookies Headers
1 headers
Set-Cookie
ea3045c79ce46b8a7312213f26461b2b=f17033e63c2d680b0b9b44fe1713abac; path=/; HttpOnly; Secure; SameSite=None
Other Headers
11 headers
Date
Fri, 13 Feb 2026 02:27:49 GMT
Host
www.sumex.ch
Link
</_next/static/media/434cb22ffad1bd00-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/54c76208542a99cd-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/941396b781615e84-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/9819e3fdea227299-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/9d664ca44b962d18-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf"
User-Agent
mint/1.7.1
X-Forwarded-Host
www.sumex.ch, www.sumex.ch
X-Forwarded-Port
443
X-Forwarded-Proto
https
X-Forwarded-Server
www.sumex.ch
X-Middleware-Rewrite
/en/
X-Nonce
MWVlMDU2YWEtN2ZkZC00ZDA2LWFmZmYtNzYyMTVjZDg1Y2Ex
X-Permitted-Cross-Domain-Policies
none
Recommendations
Enable compression (gzip/brotli) to improve performance