HTTP Headers Analysis for https://www.thegooglestore.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

script-src; object-src; base-uri; +2 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

3 headers

Accept-Ranges

Performance

none

Transfer-Encoding

Performance

chunked

Vary

Performance

Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, max-age=0, must-revalidate

Expires

Caching

Mon, 01 Jan 1990 00:00:00 GMT

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

ESF

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

NID=526=nJkgGmQt8X-4o71sNpUJGuFrUTBbmSuLJXCiZU4yn0NZIHnY-kyf079-2XUG3fAilqXbY5oTQAjn3mwZ1wuhTO7dKfZehMcjjS0G4t8fFCj4lTsoXFVo6duU3p90UeFiuwMyN3c447oqnsQebWeNa4Tuf6sRfey84Y_wohz0dHn1rrWTaoR4zpe-OOCA-uwaWbe57w; expires=Sun, 10-May-2026 06:06:16 GMT; path=/; domain=.google.com; HttpOnly

Other Headers

7 headers

Accept-Ch

Other

Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Content-Security-Policy-Report-Only

Other

require-trusted-types-for 'script';report-uri /_/Gstore/cspreport

Date

Other

Sat, 08 Nov 2025 06:06:16 GMT

P3p

Other

CP="This is not a P3P policy! See g.co/p3phelp for more info."

Reporting-Endpoints

Other

default="/_/Gstore/web-reports?context=eJwVyHlQlHUcx_H1a98fHuWVGYLkleYZgqJFGt7XHnmgFaaEhgdOoCCpmKGMsF50iS5oVqNUazm6FiksaVGBOirP7sLCPs8uMO6zC7skmKJmOmYf_3jNvD-fbsU9RnUL08wYEaZpSgrXNIPm5mJNnxRTp0NVpfTP7DIary-jV3PL6N2BVioZYqX4eCsVpVqpyyYrZeRYacUpK_WrtFIoTLpipQc3rLTjjXLKgSPbyin7u3JSYmUauEymmLUyrYfzGTKV5ss0tECm44dlqoKLYK6Q6fdLMhntMqU4ZGprlKmgTabupNCuaIVGTFNoFBxOVOgLuLZJoZOZCm3-XaFbHQpFd3PTBNgV5qb6tW4KL3bT9RNu-lp105V2Nx3p5KHGpzx0KMRDG_p76NfxHqo75KXTJV6qsnopUvaS7PNS3iMvJfRXqWyBSgPjVVq-RKVTK1X6bLVKmp0qjctV6c45lRyVKiVfUumDJpU2Q0mLSgtvqkQPVer9WKVG8lEy-6gpxEelfX1kHOOjCWN9VBTlo-IFPrKt89HFDB9Vf4-2-Gh4k4-ioGS0n5zj_bRvkp9Oz_PT1C1-Mh30U26Rn7Ksftpo89NCj5-M7X7aDWkhzeRf00x5mc10ta6ZjirNNDHQTPK0Fvr3zRY6b2mh3Y4Wiv-7hUb3C9A3AwL07eAA2fMDdO_jAE1uD9CBwUEqgqoJQboKrxmCFAdvJgRpORx4J0h_gHZtkBbCCngPpuUFKaEkSP1_CdK90FZ6DJP7t9Iq-GuOiTvgxFwTj5lnYuMbJs6HAouJD0NUmYknPXHBxFNgh9fEeTDqromj4ULfQq6CxS8V8jKoPF3I1-B2aSHnytV8EH7uqObz0PSomlvArJHYAjc6SXwH_L0lboPhoRK_DLEDJJ4BtlUSu0ABL0hbJa6HHz-S2Ar7syU-CEm7JV4H2UUSG2HvMYkPQ-txiW_D1qsSb3RKHOqXeBCM6ZB4AkzubOOZMGOAjbVgHm1jC1Qm2fgaLNts41Xg3WfjVqjbb-NGyDlt413Qp9XG4dD1oY17gznCzhZ4f4idM8GyyM6lEDhm51uQ_rOdsyA7YGcjhDywc0-IGuTgabB6loNTIXS2gwfBpcUOjoh3cK-l-KA20cEekI0Ovg4Rhxw8DMyygy0gT6_h65CdVsNGiMyp4UmQWVjD2-F5cw1vgYVKDb8N6aG1nAMVE2v5MixPquVkqLBig6iv5R6wX67lAlBGOtkLZr2TLaBZ5-QuMGO9k7WQnuXkLFhU6uQEuNDh5CpoGFHHfrhYVccSRNjqeBgEwuv5Fjy1tJ6fhrZN9dwBM_PrWQdfltbzV_BCmIuHgy7SxUueeMXFy-G3WBdfhttZLu6zzcWZP7l4O6xXXJwBK0NkTodvw2U-BRX5Ml-GB3dk7nxX5rwpChuhuVjhdoipUHgWDP_EzZEQ5XLzq5D0yM0pEPech-dAdYmH6-DcBQ__CvYdDSzDc3sbOAJmlzSwAeIuNvBcSL3fwB_AiW6NfD3wmIOQ0HW-WAlh_eaLITDWOV_EwMiO-SIaYmE6NPXQihZYodeK1RCyQCt6gjlFKyzw1nqtSIJf4E9Ytl0rVkHyp1qRCikFWpEBfx_VivuQ_INWvA9ba7ViJ_QdpBMDYORgnYiGgg914igc2aMTxfDfWZ0Q53RC85tOdIHKP3XiGtQ6dMIDpyL14ixsiNWLLTA7VS8MMHGPXsRB-Od6MRSmntSLuZAT1Iu9wG168Qy4XzQIFSbONIjXwbfHIG7A0iMGkQjdzxjEs6CFxRBXYhBz4MRZgzgDrQ3t4ib06d7FVV5-SfQq9Zkzh0SsTNuYuCZjU1p68tjU5LTE6HHRMVFR42JeHheduCHqf8gtLek"

X-Ua-Compatible

Other

IE=edge

Recommendations

Enable compression (gzip/brotli) to improve performance