HTTP Headers Analysis for https://wokiapp.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; object-src; upgrade-insecure-requests; +9 more

default-src 'self' intent: blob: data:; object-src 'self' blob: data:; upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' https://static.wokiapp.com https://cdn.wokiapp.com https://vercel.live https://vercel.live/_next-live/feedback/feedback.js https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://connect.facebook.net https://sdk-web.y.uno https://sdk-web-card.prod.y.uno https://maps.googleapis.com https://apis.google.com https://l.instagram.com https://instagram.com https://woki.sentry.io https://*.sentry.io https://us-assets.i.posthog.com https://us.i.posthog.com https://*.posthog.com https://www.google.com https://www.gstatic.com https://*.queue-it.net https://analytics.tiktok.com https://*.tiktok.com https://*.facebook.com https://*.fbcdn.net; style-src 'report-sample' 'self' https://static.wokiapp.com https://icons.prod.y.uno * 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://woki.sentry.io https://sentry.io https://o4508275244466176.ingest.us.sentry.io https://static.wokiapp.com; connect-src 'self' data: blob: https://*.queue-it.net *.vercel-insights.com plausible.io https://sockjs-us3.pusher.com wss://ws-us3.pusher.com https://td.doubleclick.net/ https://securetoken.googleapis.com/ https://identitytoolkit.googleapis.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://gtm-server.api.wokiapp.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google.com/ccm/collect https://google.com/ https://maps.googleapis.com https://td.doubleclick.net/ https://static.wokiapp.com https://cdn.wokiapp.com https://sdk-web.y.uno https://sdk-web-card.prod.y.uno https://wokilatam.firebaseio.com https://api-sandbox.y.uno https://api.y.uno https://*.wokiapp.com https://test.woki.ar https://l.instagram.com https://instagram.com https://woki-web-testing.web.app https://wokilatam.web.app https://*.sentry.io https://o4508275244466176.ingest.us.sentry.io https://us-assets.i.posthog.com https://us.i.posthog.com https://*.posthog.com https://o4508275244466176.ingest.us.sentry.io https://www.google.com https://www.gstatic.com https://analytics.tiktok.com https://*.tiktok.com https://*.facebook.com https://*.fbcdn.net https://*.public.blob.vercel-storage.com https://j8mtphnij3khnjeq.public.blob.vercel-storage.com; font-src 'self' data: https://static.wokiapp.com https://cdn.wokiapp.com https://fonts.gstatic.com https://*.public.blob.vercel-storage.com https://j8mtphnij3khnjeq.public.blob.vercel-storage.com; img-src 'self' data: blob: https://static.wokiapp.com https://cdn.wokiapp.com www.googletagmanager.com * https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com; worker-src 'self' blob:; frame-ancestors *; form-action 'self' https://woki.sentry.io https://sentry.io https://o4508275244466176.ingest.us.sentry.io https://*.ingest.us.sentry.io/ https://www.facebook.com https://*.facebook.com https://www.facebook.com/tr/; frame-src 'self' https://vercel.live/ https://td.doubleclick.net/ https://www.googletagmanager.com https://sdk-web.y.uno https://sdk-web-card.prod.y.uno wokilatam.firebaseapp.com https://wokiapp.com https://td.doubleclick.net https://www.google.com https://www.gstatic.com https://www.facebook.com https://*.facebook.com https://woki-web-testing.web.app https://wokilatam.web.app

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Age

Caching

12847

Cache-Control

Caching

public, max-age=0, must-revalidate

Etag

Caching

"16vhgpa0u6ec495"

Content Headers

2 headers

Content-Length

Content

566543

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

Vercel

X-Powered-By

Server

Next.js

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

4 headers

Date

Other

Sat, 17 Jan 2026 00:00:54 GMT

X-Matched-Path

Other

/es

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::iad1::bdlk2-1768620902823-02eaf66e58ef

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology