Open
Cached
·
4h ago
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
default-src 'none'; script-src 'self' blob: 'nonce-k9ef3YoNWHlfzc9VstmU+NpD' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com https://vk.com/video_ext.php https://login.vk.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: yandexmetrica.com:* mc.admetrica.ru yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com *.yango.com ads.adfox.ru ads6.adfox.ru ya.ru *.ya.ru dev.introvert.bz; form-action https://*; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=3586030301764987360; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
Close
Transfer-Encoding
Performance
chunked
Vary
Performance
Access-Control-Request-Headers
Caching Headers
3 headers
Cache-Control
Caching
no-cache, no-store, max-age=0, must-revalidate
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html;charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
bh=YOCjzskGagLvDw==; Path=/; Domain=.yandex.ru; Expires=Sun, 10 Jan 2027 02:16:00 GMT
Other Headers
9 headers
Accept-Ch
Other
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-Viewport-Width, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width, Sec-Ch-Viewport-Height
Date
Other
Sat, 06 Dec 2025 02:16:00 GMT
Nel
Other
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
Report-To
Other
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
X-Balancer-Dc
Other
sas
X-Balancer-Host
Other
2a02:6b8:c1c:34a3:0:52b6:3c48:0
X-Lpc
Other
1
X-Request-Id
Other
1764987360492433-2021647345948607159
X-Yandex-Req-Id
Other
1764987360478427-8409167811258603030-balancer-l7leveler-kubr-yp-vla-265-BAL
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 286ms