Cached · just now
21 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; child-src; connect-src; +13 more Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding

Caching Headers

Cache-Control
Caching
no-cache, no-store
Pragma
Caching
no-cache

Content Headers

Content-Type
Content
text/html; charset=utf-8

Server Headers

Server
Server
envoy

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Alt-Svc
Other
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cross-Origin-Opener-Policy-Report-Only
Other
same-origin; report-to=coop-dws2
Date
Other
Tue, 24 Feb 2026 17:57:43 GMT
Reporting-Endpoints
Other
coop-dws2="https://www.dropbox.com/csp_log?policy_name=coop-dws2", max_age=10886400, csp-metaserver-whitelist="https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist", max_age=10886400
X-Dropbox-Request-Id
Other
82a1ac67c56747f28771dbac699de697
X-Dropbox-Response-Origin
Other
far_remote
X-Permitted-Cross-Domain-Policies
Other
none

Recommendations

Enable compression (gzip/brotli) to improve performance