18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
frame-ancestors; base-uri; default-src; +9 more
frame-ancestors 'none'; base-uri 'self'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-4c8duYAQyWknnOoAERe+uA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: https://cdn.ampproject.org/rtv/ https://securepubads.g.doubleclick.net/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://adservice.google.com/adsid/integrator.js https://securepubads.g.doubleclick.net/pagead/ https://tpc.googlesyndication.com/sodar/sodar2.js https://tpc.googlesyndication.com/pagead/js/ https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/gampad/ https://console.googletagservices.com/pubconsole/loader.js https://www.googletagservices.com/activeview/js/ https://hb.yahoo.net/bidexchange.js https://opus.analytics.yahoo.com/tag/opus.js https://hb.yahoo.net/tcb.js https://pagead2.googlesyndication.com/tag/js/gpt.js https://cdn.taboola.com https://gum.criteo.com/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com https://cdn.taboola.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://www.google.com https://securepubads.g.doubleclick.net https://console.googletagservices.com https://*.taboola.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com 
https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net https://securepubads.g.doubleclick.net/pagead/adview http://www.google.com/ads/measurement/l https://googleads.g.doubleclick.net/pagead/interaction/ https://*.googlesyndication.com https://*.taboola.com; media-src * blob:; object-src 'self' https://*.yimg.com; connect-src * blob: https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/gampad/ads https://securepubads.g.doubleclick.net/pcs/view https://pagead2.googlesyndication.com/getconfig/sodar https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pcs/activeview https://pagead2.googlesyndication.com/gampad/ads https://csi.gstatic.com https://*.media.net https://*.taboola.com; font-src * data: https://cdn.taboola.com; child-src blob:;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Age
Caching
0
Cache-Control
Caching
private
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
ATS
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
4 headers
Date
Other
Sat, 22 Nov 2025 21:43:49 GMT
Secure_search_bypass
Other
true
X-Envoy-Decorator-Operation
Other
sfe-k8s--vertical-production-bf1.search--web-syc-k8s:4080/*
X-Envoy-Upstream-Service-Time
Other
11
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 478ms