18 Headers

HTTP Security Headers

Header | Status | Value
Strict-Transport-Security | Good | max-age=31536000; includeSubDomains
Content-Security-Policy | Missing | Not configured
X-Frame-Options | Good | SAMEORIGIN
X-Content-Type-Options | Good | nosniff
Referrer-Policy | Good | strict-origin-when-cross-origin
Permissions-Policy | Missing | Not configured

Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Add a Content-Security-Policy header to help mitigate XSS attacks
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection | Performance | close
Transfer-Encoding | Performance | chunked

Caching Headers

2 headers
Cache-Control | Caching | max-age=0, private, must-revalidate
Etag | Caching | W/"3350213009b99a0fcc899966e7f40948"

Content Headers

1 header
Content-Type | Content | text/html; charset=utf-8

Server Headers

2 headers
Server | Server | nginx
X-Runtime | Server | 0.217277

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 header
Set-Cookie | Cookies | _Cog-On-Rails_session=UFVsMVVGZ1VxNGlEVDZXak1PSlpTYmxlTldTTTVyS3NsWU96bUhwckt1MjYwWmV0OW9SNnVZZTRyKysyUVVzWW1md3B3ZEY5eUkraEgxVHNjclVDUEpoNk9vRmZxdmRLNGhUaFJZVmJIbTE3RERLd1ZEMy81MVpCRUIxaVlPOHJzL0o4MUt6NTRLd2Z2RENlRUFJbTdwZWxad2szNDNUVERCbWdkTFQremhOTE5Ib2tldkVQc2pIWG5GWVNyM1czTmJ3L2dGZDU3aWNrNlRjeXk0L0Z2S29FcmJNLy9LMms5ZFZQeWFRYVRmbzIwWG1hRllnWjEvY2FuTkJyYWIvLzJSOUtZQ0YzN2l6ZmpaUnh6Ujd6RWptc0xNZWFPa09uK0lRM2lLRlA3ajg9LS1mNjBtQ1NBN2hSTzVIVFNSNld5QTNnPT0%3D--d205feb21ece299706e57d9f34e6d7fa0f4ae4ad; path=/; secure; HttpOnly

Other Headers

5 headers
Date | Other | Wed, 17 Dec 2025 19:40:42 GMT
Front-End-Https | Other | on
X-Download-Options | Other | noopen
X-Permitted-Cross-Domain-Policies | Other | none
X-Request-Id | Other | c963cc5e-b500-49ed-b46c-5a2b5e0186ab

Recommendations

Enable compression (gzip/brotli) to improve performance

Analysis completed in 381ms