HTTP Headers Analyzer
7 / 10
https://ahmefuck.com
Website → Nginx → Browser9 missing headers, 0 warnings, 0 notices
Header
Value
Explanation
server
nginx
date
thu, 26 dec 2024 21:07:50 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age
or Expires
.vary
accept-encoding
The
Vary
header specifies a list of headers that must be considered when caching responses. For a cached response to be used, these headers must match between the cached response and the new request. This ensures that the appropriate version of a resource is served based on factors like language, encoding, or device type.set-cookie
6d8f3852ae0ea39318df658cc10bca59=deleted; expires=thu, 01-jan-1970 00:00:01 gmt; max-age=0; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
2b12d5156f3f5869b370a4d63737a609=spiders; expires=fri, 27-dec-2024 21:07:50 gmt; max-age=86400; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
50186d5bb6323efac565274215bb9466=spiders; expires=fri, 27-dec-2024 21:07:50 gmt; max-age=86400; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
9ba318ed52a66f42df97728bf2bd9828=1735247270; expires=fri, 27-dec-2024 21:07:50 gmt; max-age=86400; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
6d627b0381ade2674c29de0daa0f6497=%2f; expires=fri, 27-dec-2024 21:07:50 gmt; max-age=86400; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
529d9b418364c4c32cb22a8d6e027598=1; expires=fri, 27-dec-2024 21:07:50 gmt; max-age=86400; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.max-age=
sets the maximum lifetime of the cookie in seconds.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.strict-transport-security
missing Add a
Strict-Transport-Security
header. The Strict-Transport-Security
header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy
header. The Content-Security-Policy
header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy
header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy
header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy
header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy
to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy
header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy
header to specify who can load this page.x-frame-options
missing Add a
X-Frame-Options
header. The X-Frame-Options
header prevents this URL from being embedded in an iframe
. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy
header with a frame-ancestor
directive.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies
header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.