HTTP Headers Analyzer
0 / 10
https://www.govvi.com/secret/bigem
Website → Nginx → Browser9 missing headers, 8 warnings, 0 notices
Header
Value
Explanation
date
sun, 22 dec 2024 12:38:39 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against
Max-Age
or Expires
.content-length
12394
The size of the message body, in bytes.
set-cookie
awsalb=ykmnb6jcv4vqka9i2cxp9cfnehysprht7d4zlsuf92mtoknkgrvasbgjhduinulsdn7ksqdji9ldgfhxj7ebbhdmggffifsyye+bafjuu41yx/po9gsqnmnpqesn; expires=sun, 29 dec 2024 12:38:39 gmt; path=/
A cookie that was sent from the server to the browser.
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.set-cookie
awsalbcors=ykmnb6jcv4vqka9i2cxp9cfnehysprht7d4zlsuf92mtoknkgrvasbgjhduinulsdn7ksqdji9ldgfhxj7ebbhdmggffifsyye+bafjuu41yx/po9gsqnmnpqesn; expires=sun, 29 dec 2024 12:38:39 gmt; path=/; samesite=none; secure
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.set-cookie
cfid=f3b67705-1da4-4b2e-b7d7-cc6e38bdd7b9;path=/; secure; httponly; samesite=none;expires=mon, 21-dec-2054 20:30:09 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
cftoken=0;path=/; secure; httponly; samesite=none;expires=mon, 21-dec-2054 20:30:09 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
goinvite=d004eb1ffdbbfd090b5259a266fddd90;path=/; secure; httponly; samesite=none;domain=govvi.com;expires=mon, 21-dec-2054 20:30:09 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.domain=
sets the domain to which the cookie will be sent.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
cf_client_p2club=%7b%22default%22%3atrue%2c%22logo%22%3a%221.png%22%2c%22partner%22%3a%7b%22domain%22%3a%22www.rocketnotes.com%22%7d%7d;path=/; secure; httponly; samesite=none;expires=sat, 22-mar-2025 12:38:39 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
cf_client_p2club_lv=1734871119896;path=/; secure; httponly; samesite=none;expires=sat, 22-mar-2025 12:38:39 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
cf_client_p2club_tc=1734871119896;path=/; secure; httponly; samesite=none;expires=sat, 22-mar-2025 12:38:39 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.set-cookie
cf_client_p2club_hc=2;path=/; secure; httponly; samesite=none;expires=sat, 22-mar-2025 12:38:39 utc;secure;httponly
A cookie that was sent from the server to the browser.
Warning
expires=
sets the maximum lifetime of the cookie using a specific date.path=
indicates the path that must exist in the requested URL for the browser to send the cookie.Warning
samesite=none
instructs the browser to send the cookie to all cross-site requests, such as on requests to load images or frames from other sites. This enables third-party sites to log cookie data. This could lead to data leaks and cross-site request forgery attacks. To improve security, set to samesite=strict
or samesite=lax
.secure
instructs the browser to only send the cookie back when HTTPS requests are used, making it more resistant to man-in-the-middle attacks.httponly
forbids JavaScript from accessing the cookie. Helps mitigate the risk of client side scripts accessing a protected cookie.server
nginx/1.13.4
content-language
en
Specifies the page's intended audience. For example,
en-US
means that the document is intended for English language speakers in the United States. The language tags are defined in RFC 5646.strict-transport-security
missing Add a
Strict-Transport-Security
header. The Strict-Transport-Security
header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy
header. The Content-Security-Policy
header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy
header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy
header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy
header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy
to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy
header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy
header to specify who can load this page.x-frame-options
missing Add a
X-Frame-Options
header. The X-Frame-Options
header prevents this URL from being embedded in an iframe
. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy
header with a frame-ancestor
directive.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies
header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.