HTTP Headers Analyzer
8 / 10
https://thenoodlemagazine.net/
WordPress → LiteSpeed → Browser7 missing headers, 0 warnings, 0 notices
Header
Value
Explanation
set-cookie
weather_location=ashburn%2c%20us; expires=wed, 01-oct-2025 00:24:13 gmt; max-age=2592000; path=/; secure
A cookie that was sent from the server to the browser.
expires= sets the maximum lifetime of the cookie using a specific date.max-age= sets the maximum lifetime of the cookie in seconds.path= indicates the path that must exist in the requested URL for the browser to send the cookie.secure instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.link
<https://thenoodlemagazine.net/wp-json/>; rel="https://api.w.org/"
rel="https://api.w.org/" is where you can learn more about WordPress' REST API. Applications can interact with this WordPress site by sending and receiving JSON objects.link
<https://thenoodlemagazine.net/wp-json/wp/v2/pages/879>; rel="alternate"; title="json"; type="application/json"
Specifies a link that might be of interest to the browser.
link
<https://thenoodlemagazine.net/>; rel=shortlink
rel="shortlink" specifies a shorter URL for the current page, to be used in space constrained interfaces and/or for manual entry.date
mon, 01 sep 2025 00:24:13 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age or Expires.server
litespeed
platform
hostinger
Some of the software used to generate or serve this page.
panel
hpanel
content-security-policy
upgrade-insecure-requests
The Content Security Policy (CSP) header helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks by specifying which dynamic resources are allowed to load.
upgrade-insecure-requests instructs browsers to replace insecure URLs (HTTP) with secure URLs (HTTPS).strict-transport-security
missing Add a
Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.referrer-policy
missing Add a
Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy header to specify who can load this page.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.