HTTP Headers Analyzer
7 / 10
https://pro-tacticalgunshop.com/product/7-62x39-brass
WordPress → Bluehost → Apache → Browser9 missing headers, 0 warnings, 1 notices
Header
Value
Explanation
x-litespeed-tag
035_http.200
link
<https://pro-tacticalgunshop.com/wp-json/>; rel="https://api.w.org/", <https://pro-tacticalgunshop.com/wp-json/wp/v2/product/2062>; rel="alternate"; title="json"; type="application/json", <https://pro-tacticalgunshop.com/?p=2062>; rel=shortlink
rel="shortlink" specifies a shorter URL for the current page, to be used in space constrained interfaces and/or for manual entry.cache-control
max-age=7200
max-age specifies the maximum amount of seconds a page is considered valid. The higher max-age, the longer a page can be cached.expires
wed, 15 jan 2025 06:50:44 gmt
This
Notice Because there is a
Expires date is in the future: the page can be served from a cache. The page is set to expire in 7200 seconds. At that point, caches should be refreshed.Notice Because there is a
Cache-Control header with a max-age and/or s-maxage directive, the Expires header will be ignored. Consider removing Expires to save bandwidth and processing power.x-newfold-cache-level
2
x-endurance-cache-level
2
The Endurance Page Cache is a WordPress plugin developed by Bluehost. Bluehost automatically installs it on all WordPress sites to add basic file-based caching to WordPress; it turn pages generated by WordPress into static HTML files.
x-nginx-cache
wordpress
date
wed, 15 jan 2025 04:50:44 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age or Expires.server
apache
strict-transport-security
missing Add a
Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy header. The Content-Security-Policy header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy header to specify who can load this page.x-frame-options
missing Add a
X-Frame-Options header. The X-Frame-Options header prevents this URL from being embedded in an iframe. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy header with a frame-ancestor directive.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.