HTTP Headers Analysis for https://swafpapp.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Basic

connect-src; frame-src; img-src; +6 more

connect-src 'self' blob: data: https://swafp-swam.firebaseapp.com/api/v1/ firestore.googleapis.com us-central1-swafp-swam.cloudfunctions.net www.googleapis.com securetoken.googleapis.com apis.google.com swa-images.web.app swafp-swam.firebaseapp.com https://identitytoolkit.googleapis.com/v2/accounts/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ 'sha384-b0a74d1a7afcd8ccf4206f6c46f5693f57fadcc9feb6b513777527ea7d63de81f6fe3ef9507dbcc384d25aaac08aff4a' 'sha384-VQkqyzWECBbjdnrmLsMeQdf0TTXr6rfxgJXnIIszVBecGcFa03Tl4VBO4n2inOOm' https://identitytoolkit.googleapis.com/v1/ https://openidconnect.googleapis.com/v1/userinfo https://firebasestorage.googleapis.com/v0/b/swafp-swam.appspot.com/ https://firebasestorage.googleapis.com/v0/b/swafp-swam.firebasestorage.com/ https://accounts.google.com/gsi/client https://content-firebaseappcheck.googleapis.com/v1/projects/swafp-swam/apps/ https://yodlee-1.hs.llnwd.net/v1/ https://cdn.yodlee.com/ https://cdn.yodlee.com/fastlink/v4/initialize.js https://maps.googleapis.com https://maps.gstatic.com; frame-src accounts.google.com swafp-swam.firebaseapp.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ 'sha384-b0a74d1a7afcd8ccf4206f6c46f5693f57fadcc9feb6b513777527ea7d63de81f6fe3ef9507dbcc384d25aaac08aff4a' https://www.google.com/recaptcha/api.js 'sha384-P8pCcHmv6YuQzFS4CHCBH75RXE60mJL5a4xXH5SOKJXf73JeLMNzQcVajnZH59MQ' https://fl4.prod.yodlee.com.au/; img-src 'self' blob: data: swa-images.web.app www.google.com https://yodlee-1.hs.llnwd.net/v1/ https://cdn.yodlee.com/ https://maps.googleapis.com https://maps.gstatic.com; manifest-src 'self'; script-src-elem 'self' https://www.google.com/recaptcha/api.js 'sha384-P8pCcHmv6YuQzFS4CHCBH75RXE60mJL5a4xXH5SOKJXf73JeLMNzQcVajnZH59MQ' apis.google.com 'sha256-B5XDg6SX5QkSXo9nJFSSA4Uxy5VgX7WUxH73qbNa3f0=' https://www.gstatic.com/recaptcha/releases/ 'sha384-b0a74d1a7afcd8ccf4206f6c46f5693f57fadcc9feb6b513777527ea7d63de81f6fe3ef9507dbcc384d25aaac08aff4a' https://accounts.google.com/gsi/client https://cdn.yodlee.com/fastlink/v4/initialize.js https://maps.googleapis.com https://maps.gstatic.com; style-src-elem 'self' 'unsafe-inline'; worker-src 'self' swafp-swam.firebaseapp.com https://swafp-swam.firebaseapp.com/api/v1/; script-src 'self' apis.google.com 'sha256-B5XDg6SX5QkSXo9nJFSSA4Uxy5VgX7WUxH73qbNa3f0=' https://www.google.com/recaptcha/api.js 'sha384-P8pCcHmv6YuQzFS4CHCBH75RXE60mJL5a4xXH5SOKJXf73JeLMNzQcVajnZH59MQ' https://www.gstatic.com/recaptcha/releases/ 'sha384-b0a74d1a7afcd8ccf4206f6c46f5693f57fadcc9feb6b513777527ea7d63de81f6fe3ef9507dbcc384d25aaac08aff4a' https://cdn.yodlee.com/fastlink/v4/initialize.js; style-src 'self' 'unsafe-inline';

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

x-fh-requested-host, accept-encoding

Caching Headers

3 headers

Cache-Control

Caching

max-age=3600

Etag

Caching

"be9832d173ef30bbf97c38c9cb73763d4b212f1adddfaba0dea4b92884d78413"

Last-Modified

Caching

Fri, 12 Dec 2025 03:16:11 GMT

Content Headers

2 headers

Content-Length

Content

7292

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

6 headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Wed, 14 Jan 2026 08:53:17 GMT

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Served-By

Other

cache-iad-kcgs7200078-IAD

X-Timer

Other

S1768380798.655036,VS0,VE58

Recommendations

Enable compression (gzip/brotli) to improve performance