HTTP Headers Analyzer
5 / 10
https://huay-slot.com
Website → Browser8 missing headers, 1 warnings, 2 notices
Header
Value
Explanation
server
ddos-guard
set-cookie
__ddg8_=x3xqsjfbtdfbjit9; domain=.1widqs.com; path=/; expires=wed, 22-jan-2025 19:34:37 gmt
A cookie that was sent from the server to the browser.
expires= sets the maximum lifetime of the cookie using a specific date.domain= sets the domain to which the cookie will be sent.path= indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
__ddg9_=3.84.110.171; domain=.1widqs.com; path=/; expires=wed, 22-jan-2025 19:34:37 gmt
A cookie that was sent from the server to the browser.
expires= sets the maximum lifetime of the cookie using a specific date.domain= sets the domain to which the cookie will be sent.path= indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
__ddg10_=1737573277; domain=.1widqs.com; path=/; expires=wed, 22-jan-2025 19:34:37 gmt
A cookie that was sent from the server to the browser.
expires= sets the maximum lifetime of the cookie using a specific date.domain= sets the domain to which the cookie will be sent.path= indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
__ddg1_=prikfxknpr5beppp69ay; domain=.1widqs.com; httponly; path=/; expires=thu, 22-jan-2026 19:14:37 gmt
A cookie that was sent from the server to the browser.
expires= sets the maximum lifetime of the cookie using a specific date.domain= sets the domain to which the cookie will be sent.path= indicates the path that must exist in the requested URL for the browser to send the cookie.httponly forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.date
wed, 22 jan 2025 19:14:37 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age or Expires.content-length
56205
The size of the message body, in bytes.
vary
accept-encoding
The
Vary header specifies a list of headers that must be considered when caching responses. For a cached response to be used, these headers must match between the cached response and the new request. This ensures that the appropriate version of a resource is served based on factors like language, encoding, or device type.vary
origin
The
Vary header specifies a list of headers that must be considered when caching responses. For a cached response to be used, these headers must match between the cached response and the new request. This ensures that the appropriate version of a resource is served based on factors like language, encoding, or device type.x-request-id
xiuyflvaiiot5pml
A unique identifier for the HTTP request. This can be useful for tracking a request through complex systems or for debugging purposes.
x-app-version
v2.139.0
Some of the software used to generate or serve this page.
Warning Sharing too many details about a server or web application makes it easier for hackers to target a website. Avoid specific version numbers such as 2.139.0, especially when running software that is end-of-life and/or has known security bugs. Consider removing this header. At a miminum, remove any version number.
Warning Sharing too many details about a server or web application makes it easier for hackers to target a website. Avoid specific version numbers such as 2.139.0, especially when running software that is end-of-life and/or has known security bugs. Consider removing this header. At a miminum, remove any version number.
x-match-domain
1widqs.com
access-control-allow-origin
*
Indicates whether a browser can share this resource with other code.
* is a wildcard. It means the browser will allow code from any origin to access this resource.x-frame-options
allow-from ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Frame-Options prevents this URL from being embedded in an iframe. This protects against clickjacking attacks.allow-from means that this page can be displayed in an iframe but only on the listed URLs.Notice
allow-from is deprecated. Use the Content-Security-Policy header with the frame-src directive.x-frame-options
allow-from 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Frame-Options prevents this URL from being embedded in an iframe. This protects against clickjacking attacks.allow-from means that this page can be displayed in an iframe but only on the listed URLs.Notice
allow-from is deprecated. Use the Content-Security-Policy header with the frame-src directive.strict-transport-security
missing Add a
Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy header. The Content-Security-Policy header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy header to specify who can load this page.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.