Open
Cached
·
just now
28
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; preload; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src *.facebook.com *.fbcdn.net *.instagram.com blob:;script-src *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-MuujdHjK' blob: 'self' 'unsafe-eval' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com *.tenor.co *.tenor.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com lookaside.fbsbx.com data: blob: https://*.giphy.com *.tenor.co *.tenor.com;child-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;manifest-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;object-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;block-all-mixed-content;upgrade-insecure-requests;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
accelerometer=(self), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(self), gyroscope=(self), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(self), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
2 headers
Connection
Performance
keep-alive
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
private, no-cache, no-store, must-revalidate
Expires
Caching
Sat, 01 Jan 2000 00:00:00 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
0
Content-Type
Content
text/html; charset="utf-8"
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
13 headers
Alt-Svc
Other
h3=":443"; ma=86400
Content-Security-Policy-Report-Only
Other
default-src *.facebook.com *.fbcdn.net *.instagram.com blob:;script-src *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-MuujdHjK' blob: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com 'report-sample';style-src *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com *.tenor.co *.tenor.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com lookaside.fbsbx.com data: blob: https://*.giphy.com *.tenor.co *.tenor.com;child-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;manifest-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;object-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Cross-Origin-Embedder-Policy-Report-Only
Other
require-corp;report-to="coep_report"
Date
Other
Sun, 23 Nov 2025 00:52:32 GMT
Document-Policy
Other
include-js-call-stacks-in-crash-reports
Origin-Agent-Cluster
Other
?1
Origin-Trial
Other
ArDvqjFKr1fHThlSM8Kkp74sxlOCFTeqYJMXCGqCG/VJmcYlO/0UavmpqPDit2KppDf1THInNpwA36GmtgPOug8AAAB2eyJvcmlnaW4iOiJodHRwczovL3d3dy5pbnN0YWdyYW0uY29tOjQ0MyIsImZlYXR1cmUiOiJDcmFzaFJlcG9ydGluZ1N0b3JhZ2VBUEkiLCJleHBpcnkiOjE3NzY3Mjk2MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
Proxy-Status
Other
http_request_error; e_fb_vipaddr="AcPi8lF0sDhSwTJocho6mziq2NE7QVDy6ne8yy5ixddClVeHqMk5JaKXGbZf-E3Nz8rK_f3hu2kctce5gibQxig7A3YbvneK-MskjSON"; e_clientaddr="AcPOyJqrdrhmlTiXQf6H9d7fj19je08Yi_p7__Wd2KQu8K-2H1QtjzrEn0c2wq5JfBDpvw_Phz87uMULgDsV7_XJHL0mGELBu7mFstclzIxNBF0EbQ"; e_upip="AcPlBVFWSOktSeBZqKc8uaUq_SzQ1k2bVbHSdBsJJg9U5Ul1CqE5IS7XWAyi7J6QityejIJ9voSAUikb7RajbFx0IYZ0VZNSk8KlrpLtc44"; e_fb_zone="AcN_jqQnUQPUZeDo524RH9w6YZWvSDbGRiPeKgBKv7BqTHChRbB3mdtSTM5PtN0P"; e_fb_twtaskhandle="AcOrFNRnSGBgntXFJgwPv1wiIBtBjDU-MwPNRgIpWiodjiRkFTZtSYhmtHBvTmU4LfQzK_8baPBGun3d8WlmZ1fvQVV7fwry2FR2_DlSkQ"; e_proxy="AcPG9OMLPYWOwptVwBCPnOi0vPMApFQCkzoJ04WOCPHbumfTGwTPaGz1CvzaXeLXDCL73zUodxHs7t-fRYzT", http_request_error; e_fb_vipaddr="AcNAvYF4bLRk-o3UfyRkZfiNbzNqCfcecLGmS-szgQcx2N2WWd48UwgfvssDR0fITrieKVDnVg"; e_clientaddr="AcN0rxre_gPXyheNohXeEBuyvMnvusHzsiiFeIeddbA9LFJOwdlDShwOfvrIrIq8Xo9HOjckZkD_8En5cA"; e_upip="AcNF3EK0FeOUrqHE37XHgybFAMECEtL1juwXWbFqbtVMkG3yuoqlBHLktRKN0qMCQMWR5VHSkj6t6Ef_GepZkT0ZAzyxQiAOmighOgdp"; e_fb_zone="AcM761SxV6xOJgb7yu6_3KR4iqBTa6_UdyMZQyoQP6WWglImuD3TRraILr4bNg"; e_fb_twtaskhandle="AcPSA8wbP9l9o1M9Ni1Et0sP4BkOV9hEojK7KDkTaJ88c0xKtx8qflPaDaKV4cvZ-AznIbeZ66qlsBTyO9oBysPmcXkquDKEqdg5"; e_proxy="AcOreIBBw_jb7QHBREZcrs6PqN4bHsKtCSsZRhgyi-udj49M12FK2ujmPlS8-PrX-t2pcvjVpGhFeOA"
Report-To
Other
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/?device_level=unknown&brsid=7575717372912998758&cpp=C3&cv=1030279433&st=1763859152606"}]}
Reporting-Endpoints
Other
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.instagram.com/error/ig_web_error_reports/?device_level=unknown&brsid=7575717372912998758&cpp=C3&cv=1030279433&st=1763859152606"
X-Fb-Connection-Quality
Other
EXCELLENT; q=0.9, rtt=15, rtx=0, c=14, mss=1368, tbw=4175, tp=-1, tpl=-1, uplat=49, ullat=0
X-Fb-Debug
Other
ESBMSfcFIbsvIz8A/9hmZlauM2FSVTOXh3nm4gp+l8M+ao5y9yzNBhEW093DqK629FjbZ8mkJgFd8/7oPa7idg==
X-Stack
Other
www
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 2426ms