Open
Cached
·
just now
4
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Transfer-Encoding
chunked
transfer-encoding: chunked
Caching Headers
No caching headers found
Content Headers
No content headers found
Server Headers
No server headers found
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Thu, 02 Apr 2026 10:20:05 GMT
date: Thu, 02 Apr 2026 10:20:05 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching