HTTP Headers Analysis for https://timeedit.io

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

frame-ancestors; script-src; font-src; +9 more

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Accept-Ranges

Performance

bytes

Caching Headers

4 headers

Age

Caching

0

Cache-Control

Caching

public,no-cache,max-age=0

Etag

Caching

"41ec2ca0438a7f65d29488a4db83c8a7"

Last-Modified

Caching

Thu, 28 Aug 2025 10:56:13 GMT

Content Headers

2 headers

Content-Length

Content

561

Content-Type

Content

text/html

Server Headers

1 headers

Server

UploadServer

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

11 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Thu, 13 Nov 2025 14:52:12 GMT

Reporting-Endpoints

Other

csp-endpoint="https://o4506875039318016.ingest.us.sentry.io/api/4508479316885504/security/?sentry_key=06f28af890ef0b264ade8b5cb41174e1&sentry_environment=staging"

Via

Other

1.1 google

X-Goog-Generation

Other

1756378573444497

X-Goog-Hash

Other

md5=QewsoEOKf2XSlIik24PIpw==

X-Goog-Metageneration

Other

2

X-Goog-Storage-Class

Other

STANDARD

X-Goog-Stored-Content-Encoding

Other

identity

X-Goog-Stored-Content-Length

Other

561

X-Guploader-Uploadid

Other

AOCedOHISpzhG-09hsxJjmnaVR5e_JUAgPt0s8pVp6N57nr_JboKLBkp2Lcn8dXuPBg9NUFzWHswKvI

Recommendations

Enable compression (gzip/brotli) to improve performance