HTTP Headers Analyzer
7 / 10
Website → LiteSpeed → Browser
9 missing headers, 0 warnings, 0 notices
9 missing headers, 0 warnings, 0 notices
Header
Value
Explanation
date
wed, 27 sep 2023 05:04:23 gmt
The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when compairing against
Max-Age or Expires.server
litespeed
Some of the software used to generate or serve this page.
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-q050=":443"; ma=2592000, h3-q046=":443"; ma=2592000, h3-q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Used to promote alternative services through which the same resource can be retrieved.
h3 stands for HTTP/3. The number after the dash indicates the draft; e.g. h3-27 would be draft 27 of the HTTP/3 protocol.quic stands for HTTP/3.ma is the number of seconds the alternative service is considered fresh.connection
keep-alive
Specifies whether the network connection stays open after the current request.
keep-alive specifies that the browser would like to keep the connection open, while close indicates that the browser wants to close the connection.strict-transport-security
missing Add a
Strict-Transport-Security header. The Strict-Transport-Security header or HSTS header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication.content-security-policy
missing Add a
Content-Security-Policy header. The Content-Security-Policy header helps browsers prevent cross site scripting (XSS) and data injection attacks.referrer-policy
missing Add a
Referrer-Policy header. When a visitor navigates from one page to another, browsers often pass along referrer information. The Referrer-Policy header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the path or query string and passed onto an external destination.permissions-policy
missing Add a
Permissions-Policy header. Restrict access to device features like the camera, microphone, location, accelerometer and much more.cross-origin-embedder-policy
missing Add a
Cross-Origin-Embedder-Policy to specify how this page can be loaded by cross-origin resources.cross-origin-opener-policy
missing Add a
Cross-Origin-Opener-Policy header to opt-in into better browser isolation.cross-origin-resource-policy
missing Add a
Cross-Origin-Resource-Policy header to specify who can load this page.x-frame-options
missing Add a
X-Frame-Options header. The X-Frame-Options header prevents this URL from being embedded in an iframe. This protects against clickjacking attacks. Alternatively, set a Content-Security-Policy header with a frame-ancestor directive.x-permitted-cross-domain-policies
missing Add a
X-Permitted-Cross-Domain-Policies header to prevent Flash, Adobe Reader and other clients from sharing data across domains.Questions or feedback? Email dries@buytaert.net.