DNS Gurus
Open Cached · just now
12 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers
Transfer-Encoding
Performance
chunked

Caching Headers

3 headers
Cache-Control
Caching
must-revalidate, no-cache, private
Expires
Caching
Sat, 26 Jul 1997 05:00:00 GMT
Pragma
Caching
no-cache

Content Headers

1 headers
Content-Type
Content
text/html; charset=UTF-8

Server Headers

2 headers
Server
Server
Apache
X-Powered-By
Server
PHP/8.2.6

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
current_cart_id=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; domain=www.upspot.app

Other Headers

3 headers
Date
Other
Wed, 12 Nov 2025 12:31:47 GMT
Link
Other
<https://fonts.googleapis.com>; rel="preconnect",<https://fonts.gstatic.com>; rel="preconnect"; crossorigin="anonymous",<https://www.upspot.app/medias/static/themes/bootstrap_v4/js/jquery-3.6.3.min.js?v=26012023>; rel="preload"; as="script",<https://www.upspot.app/medias/static/themes/bootstrap_v4/js/popper.min.js?v=31012023>; rel="preload"; as="script",<https://www.upspot.app/medias/static/themes/bootstrap_v4/js/bootstrap.min.js?v=31012023>; rel="preload"; as="script",<https://www.upspot.app/themes/combined.css?v=1201>; rel="preload"; as="style",<https://www.upspot.app/themes/combined.js?v=1201&lang=fr>; rel="preload"; as="script"
X-Ems-Server
Other
70

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology

Analysis completed in 3518ms