14 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000; includeSubdomains; preload
Content-Security-Policy
Basic
default-src 'self'; script-src 'self' https://www.gstatic.com https://maps.google.com https://www.google.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://maps.gstatic.com https://maps.google.com https://www.theorigo.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://analytics.google.com https://www.google-analytics.com https://ws.hotjar.com https://content.hotjar.com; frame-src https://td.doubleclick.net https://www.google.com https://accounts.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
3 headers
Cache-Control
Caching
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires
Caching
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
Caching
no-cache
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
Apache
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
the_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22cc275e4e85e2d63dee748ac7fa6615a9%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22216.246.40.66%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A10%3A%22mint%2F1.7.1%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1766784186%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6803da3f1221a020aee2bf55e324a1e75f560986; expires=Fri, 26-Dec-2025 23:23:06 GMT; path=/; secure; httponly
Other Headers
1 header
Date
Other
Fri, 26 Dec 2025 21:23:06 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 3322ms