HTTP Headers Analysis for https://tada.codes

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

istio-envoy

X-Powered-By

Server

Next.js

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_8216_3117862=cq1lfW/l33hUjnapARkFcpO0gGkAAAAAohHFnDp+Vk1vaHNTePVAyg==; path=/; Domain=.tadadelivery.com.mx; Secure; SameSite=None

Other Headers

6 headers

Appversionname

Other

canary

Date

Other

Mon, 02 Feb 2026 14:28:35 GMT

Link

Other

<https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/091bb18002ede0b5-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/09744c42ea2047ae-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/0e7784537271ba44-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/18e122b1484d945e-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/2a15876e25787f01-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/42ca9a2dc174b9b9-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/76f29b690e794976-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/7ebd901f2f4a0b98-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/83c76cede88902c5-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/95a978e26cc29d74-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/9660dee8b9f46a2e-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/a1aa48d6a9b4d02c-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/b0088cce7ac0b424-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/b0d37b8b851eee48-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/d0b7d64a65dc32f9-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/d1475c40e69d0ed6-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/e0ad82400acf55c0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/f4d4117ac16cdbe3-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/media/f5e5067cd50e2c82-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://services.dtc.mybees-platform.com/sting-dtc-mellifera-web/_next/static/css/8b7136130b514092.css>; rel=preload; as="style"

X-Cdn

Other

Imperva

X-Envoy-Upstream-Service-Time

Other

5307

X-Iinfo

Other

9-29955108-29955111 NNNN CT(5 8 0) RT(1770042510435 7) q(0 0 1 0) r(1 54) U24

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology