HTTP Headers Analysis for https://zappysoftware.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Present

ALLOW-FROM https://*.zappy.dev https://*.zappy.pro https://*.zappysoftware.com

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

cross-origin-isolated=(self), keyboard-map=(self), navigation-override=(self), screen-wake-lock=(self), clipboard-read=(self), focus-without-user-activation=(self), idle-detection=(self), window-placement=(self), vertical-scroll=(self)

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

max-age=0, no-cache, no-store, must-revalidate, post-check=0, pre-check=0

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

162918

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Apache

CORS Headers

4 headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

Origin, X-Requested-With, Content-Type, Accept

Access-Control-Allow-Methods

Cors

POST,GET,OPTIONS,PUT,DELETE,HEAD

Access-Control-Allow-Origin

Cors

*

Cookies Headers

1 headers

Set-Cookie

Cookies

PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=zappysoftware.com

Other Headers

2 headers

Date

Other

Fri, 02 Jan 2026 04:32:19 GMT

Link

Other

<https://zappysoftware.com/>; rel=shortlink

Recommendations

Enable compression (gzip/brotli) to improve performance