Dries Buytaert

Explanation

The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against Max-Age or Expires.

The Accept-CH header specifies HTTP Client Hints that the server requests from the client (typically a browser) to optimize content delivery.

• sec-ch-ua: Requests a condensed version of the user agent string.
• sec-ch-ua-full-version-list: Requests a detailed list of version numbers for the client's browser and its significant components.
• sec-ch-ua-mobile: Requests a boolean hint indicating if the client's device is mobile.
• sec-ch-ua-platform: Requests the operating system platform of the client's device, such as Windows or MacOS.
• sec-ch-ua-platform-version: Requests the version of the operating system the client is running.
• sec-ch-ua-arch: Requests the client's device CPU architecture, such as ARM or x86.
• sec-ch-ua-full-version: Requests the complete version number of the client's browser.
• sec-ch-ua-model: Requests the model of the client's device.
• sec-ch-ua-bitness: Requests the bit architecture of the client's operating system, such as 32-bit or 64-bit.

missing Add a Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.

missing Add a Content-Security-Policy header. The Content-Security-Policy header helps browsers prevent cross site scripting (XSS) and data injection attacks.

missing Add a Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.

missing Add a Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.

missing Add a Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.

missing Add a Cross-Origin-Opener-Policy header to opt-in into better browser isolation.

missing Add a Cross-Origin-Resource-Policy header to specify who can load this page.

missing Add a X-Frame-Options header. The X-Frame-Options header prevents this URL from being embedded in an iframe. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy header with a frame-ancestor directive.

missing Add a X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.