HTTP Headers Analysis for https://www.polyesterdinosaur.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

base-uri; object-src; script-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*; +6 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

Accept-Ranges

Performance

none

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory,Accept-Encoding

accept-ranges: none
connection: close
transfer-encoding: chunked
vary: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory,Accept-Encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store, max-age=0, must-revalidate

Expires

Caching

Mon, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

ESF

server: ESF

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: __Secure-BUCKET=CMEB; Domain=.youtube.com; Expires=Sun, 04-Oct-2026 22:22:44 GMT; Path=/; Secure; HttpOnly; SameSite=lax
GPS=1; Domain=.youtube.com; Expires=Tue, 07-Apr-2026 22:52:44 GMT; Path=/; Secure; HttpOnly
YSC=8Ecj54smDzg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
__Secure-ROLLOUT_TOKEN=CJHVwYXro5OmwwEQ_96mx-PckwMY_96mx-PckwM%3D; Domain=youtube.com; Expires=Sun, 04-Oct-2026 22:22:44 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
__Secure-YEC=; Domain=.youtube.com; Expires=Wed, 12-Jul-2023 22:22:44 GMT; Path=/; Secure; HttpOnly; SameSite=lax
VISITOR_INFO1_LIVE=VAFSPDhjk8M; Domain=.youtube.com; Expires=Sun, 04-Oct-2026 22:22:44 GMT; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D; Domain=.youtube.com; Expires=Sun, 04-Oct-2026 22:22:44 GMT; Path=/; Secure; HttpOnly; SameSite=none

Other Headers

Accept-Ch

Other

Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Tue, 07 Apr 2026 22:22:44 GMT

Document-Policy

Other

include-js-call-stacks-in-crash-reports

Origin-Trial

Other

AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9, AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==

P3p

Other

CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."

Report-To

Other

Group youtube_main max-age: 4w

Endpoint 1 https://csp.withgoogle.com/csp/report-to/youtube_main

Reporting-Endpoints

Other

crash-reporting="/web-reports?context=eJwVy39o1HUcx_F990Q7dt7uvt_v5_P-iCcaU4xcN8-pE81hiq6cTAdDkFYMN2cezE3n3blDyRJ_5UpaGTJdMUFqNhuWFcyxkgjNX5v5izm1UBCZzmn568LEvv3xgBcvXq-so8PGv1FrvfVSvTW_d631YVHcevxl3PqmK27FDiWswReTVnlO0qr5s8H6IrQ0s2HU0syuN7NI3cuiPNfP-WI_g4v8_PiVn67v_Fy75WdqYgQDpQG6mwMsuxGgrTOb0uPZNHmGnmVTUBgkWR3Enwyy54Mgk3cHMSeDdI8PcW5viKtPQrwftdk5zaZlic21CpuSd2w2bLDZ7Jm70-bnr23CHTajB2xupG3Wz3ToL3J4XuxQUu5wq86hsMfhtV6HWeccfC-4lIRd2se6RKa5pBe7ZNW5bKl3ufmeCwddug-7FPW57Prb5d-nLo1KUWoUgekK3-uKyrhiSbPiXc9Pno5Wxdn9itRBxeBxRe1pRedZxZ3fFe19ilX9il1_KRrSis8zNPNEM26kpjesSY3VbBmnWTtBkz9RcyxXsy-qmVOmObBV8-0OjfWZZuiYJvabZvgJzxnNGc-ay5rO__VrVv6haRry9g80OkPYHhCO2MKrrpe1sDwsNOYKTkR4Okl4e6HgWyR8XCVMXClsXS3Mjgu_JIT1KaFmo9C2SSjcLFzYLsxtEl7ZLaxpEz7qEO4dEj79QXj8q5DsEe5fFNKe631ef1lo7xfKB4Rmz5y7wiePhPA_QsYzoSvT8NDzxGdY4DckA4bbYpg5ytDiGZNjKHvZcNTzPNdwKs_QOMWwY4YhNs9wZb7hcKn3LzOkVnmbdYbWjQZnhO_7bZd6hofSR1pbMnMiqbpEPFFZnbeuujKyor6uNh6prl0eqaqPxWNVy2oq8qP5BdGp0YK86IyK1dH_ACuA3L4"

accept-ch: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 07 Apr 2026 22:22:44 GMT
document-policy: include-js-call-stacks-in-crash-reports
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9, AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
reporting-endpoints: crash-reporting="/web-reports?context=eJwVy39o1HUcx_F990Q7dt7uvt_v5_P-iCcaU4xcN8-pE81hiq6cTAdDkFYMN2cezE3n3blDyRJ_5UpaGTJdMUFqNhuWFcyxkgjNX5v5izm1UBCZzmn568LEvv3xgBcvXq-so8PGv1FrvfVSvTW_d631YVHcevxl3PqmK27FDiWswReTVnlO0qr5s8H6IrQ0s2HU0syuN7NI3cuiPNfP-WI_g4v8_PiVn67v_Fy75WdqYgQDpQG6mwMsuxGgrTOb0uPZNHmGnmVTUBgkWR3Enwyy54Mgk3cHMSeDdI8PcW5viKtPQrwftdk5zaZlic21CpuSd2w2bLDZ7Jm70-bnr23CHTajB2xupG3Wz3ToL3J4XuxQUu5wq86hsMfhtV6HWeccfC-4lIRd2se6RKa5pBe7ZNW5bKl3ufmeCwddug-7FPW57Prb5d-nLo1KUWoUgekK3-uKyrhiSbPiXc9Pno5Wxdn9itRBxeBxRe1pRedZxZ3fFe19ilX9il1_KRrSis8zNPNEM26kpjesSY3VbBmnWTtBkz9RcyxXsy-qmVOmObBV8-0OjfWZZuiYJvabZvgJzxnNGc-ay5rO__VrVv6haRry9g80OkPYHhCO2MKrrpe1sDwsNOYKTkR4Okl4e6HgWyR8XCVMXClsXS3Mjgu_JIT1KaFmo9C2SSjcLFzYLsxtEl7ZLaxpEz7qEO4dEj79QXj8q5DsEe5fFNKe631ef1lo7xfKB4Rmz5y7wiePhPA_QsYzoSvT8NDzxGdY4DckA4bbYpg5ytDiGZNjKHvZcNTzPNdwKs_QOMWwY4YhNs9wZb7hcKn3LzOkVnmbdYbWjQZnhO_7bZd6hofSR1pbMnMiqbpEPFFZnbeuujKyor6uNh6prl0eqaqPxWNVy2oq8qP5BdGp0YK86IyK1dH_ACuA3L4"

Recommendations

Enable compression (gzip/brotli) to improve performance