Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"f9e581fde734144b16bfeefc9afec797"
Content Headers
2 headers
Content-Length
Content
17816
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Caddy
X-Runtime
Server
0.015125
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_codebase-website_session=0EWKweQ01Ue2lTm8FHUcGkIMgADMuurAgwLnn%2BIM6Jy6lwvNzeiEj0M10Sor3BnsxmNoc3NcxkmP7kVrKKIZuZX7qNK9m31w2K%2BDggOzbamCgvqXM5uXMhCgUEsXb4tiiUQnAoIsQ7IsHWFLw82CilWUKE9zxiHvVaGhJdhP8ICiN7FQOkJS9mpy1Zz27jnFqPwoMPxdZSGIcu%2BGzCVQCHHVyWgg7sO1sWYYVXw9AjlJCfMen77HGn62IqlTLrsHmpmvyDqc%2F3TVo2iMHlfxsmDW0CGg5nY6NzjmFAdJWsyS--TKHU4EgTzumSIbmH--Oeul3m1ojMj4IprmecKqHg%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
Other Headers
5 headers
Date
Other
Tue, 30 Dec 2025 11:01:47 GMT
Link
Other
</assets/application-ae775ce84fb7a0617f37dfaa0514f11b919c178e85e072d9a3bb702a45dc19bc.css>; rel=preload; as=style; nopush,</assets/application-432b34a5309248c7ebf2b3c2d17c1457e0e13747be932a7ad3fc132e3437031b.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
d5fa6333-3937-42e3-ab7a-62f4e0696ca3
Recommendations
Enable compression (gzip/brotli) to improve performance