HTTP Headers Analyzer
6 / 10
https://hcxtgchgd.weebly.com
Website → CloudFlare → Browser9 missing headers, 1 warnings, 0 notices
The site is using a CDN, but the HTML page is not cached.
Header
Value
Explanation
date
mon, 24 feb 2025 19:36:01 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age
or Expires
.cf-ray
9171e6f0b9e00824-iad
The
cf-ray
header provides a unique identifier for each request through Cloudflare. It's useful for troubleshooting and tracking requests in Cloudflare logs.cf-cache-status
bypass
Warning The origin server instructed Cloudflare to bypass cache via a
Cache-Control
header set to no-cache
, private
, or max-age=0
. bypass
is returned when enabling the Origin Cache-Control setting.vary
accept-encoding
The
Vary
header specifies a list of headers that must be considered when caching responses. For a cached response to be used, these headers must match between the cached response and the new request. This ensures that the appropriate version of a resource is served based on factors like language, encoding, or device type.set-cookie
__cf_bm=avmh_eer24ewkw8ez3zlqtv4qq.1smggcddv_xuphu4-1740425761-1.0.1.1-l23x77mgnx11ivof8pmkqumllecutd8hhccru5uh_11w4lff5dvkes_2r8gipifdo.ezjrpaz03dtumwbabnrw; path=/; expires=mon, 24-feb-25 20:06:01 gmt; domain=.weebly.com; httponly; secure
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.domain=
sets the domain to which the cookie will be sent.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.cf_bm
is a cookie set by Cloudflare to support bot management. This is a technical cookie; it's exempt from GDPR and doesn't need user consent.server
cloudflare
strict-transport-security
missing Add a
Strict-Transport-Security
header. The Strict-Transport-Security
header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy
header. The Content-Security-Policy
header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy
header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy
header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy
header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy
to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy
header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy
header to specify who can load this page.x-frame-options
missing Add a
X-Frame-Options
header. The X-Frame-Options
header prevents this URL from being embedded in an iframe
. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy
header with a frame-ancestor
directive.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies
header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.