Dries Buytaert

HTTP Headers Analyzer

5 / 10
https://bestseoskills.hashnode.dev/8171-bisp
Website → Browser
9 missing headers, 2 warnings, 1 notices
Header
Value
Explanation
cache-control
private, no-store, max-age=0
private means the response can only be stored by the browser's cache, but not by CDNs, proxies, or any other shared caches.
Warning no-store means the response may not be stored in any cache, including the browser's cache.
max-age specifies the maximum amount of seconds a page is considered valid. The higher max-age, the longer a page can be cached.
Warning Because max-age is set to 0 seconds and no s-maxage is set, nothing will be cached in browsers or shared caches. Caching is effectively disabled!
Notice no-store is set, so it does not make sense to set private as well.
content-type
text/html; charset=utf-8
The type of the message body, specified as a MIME type.
server
vercel
x-vercel-challenge-token
2.1755694176.60.njuzmgizmja2y2ewyty0otq5otm1yzy0oddkzgqyowm7ognhnmjiyjg7ngi1oda5mtaxogq4mtnlzgjhntbly2ixyjuzndy0nzgwzmm2ngu2yjszoy0cqavdg86bdavbczpm7sohbj3eftodcid7uneyelohmyqypytybjb392vfnzghqg2nxrnlg0vi/g0uwazq6ual3tz6tpoul5wan2d9n655hh4zwyesmsd8eia=.4e0363e1424df258b0ca2e1edf915cfa
x-vercel-id
iad1::1755694176-qz2l6xmxkb4vomapoqyssduwgmsf8j6s
x-vercel-mitigated
challenge
date
wed, 20 aug 2025 12:49:36 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against Max-Age or Expires.
strict-transport-security
missing Add a Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.
content-security-policy
missing Add a Content-Security-Policy header. The Content-Security-Policy header helps browsers prevent cross site scripting (XSS) and data injection attacks.
referrer-policy
missing Add a Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.
permissions-policy
missing Add a Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.
cross-origin-embedder-policy
missing Add a Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.
cross-origin-opener-policy
missing Add a Cross-Origin-Opener-Policy header to opt-in into better browser isolation.
cross-origin-resource-policy
missing Add a Cross-Origin-Resource-Policy header to specify who can load this page.
x-frame-options
missing Add a X-Frame-Options header. The X-Frame-Options header prevents this URL from being embedded in an iframe. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy header with a frame-ancestor directive.
x-permitted-cross-domain-policies
missing Add a X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.

Questions or feedback? Email dries@buytaert.net.