Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; script-src; style-src; +9 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=()
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
2 headers
Connection
Performance
keep-alive
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
private, max-age=0, no-cache, no-store
Etag
Caching
W/"42b0-T41+O3Nf2OeqmBhMw0+hS4+lrxM"
Content Headers
2 headers
Content-Length
Content
17072
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
nginx
X-Powered-By
Server
Express
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Date
Other
Sat, 08 Nov 2025 08:58:16 GMT
Report-To
Other
{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o877899.ingest.us.sentry.io/api/5829161/security/?sentry_key=50db7adcd8ca46c29042311c89aa0772"}],"include_subdomains":true}
X-Ratelimit-Limit
Other
50
X-Ratelimit-Remaining
Other
49
X-Ratelimit-Reset
Other
1762592597
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 176ms