Security Headers Test

PERMISSIONS-POLICY

Restricts feature access.

X-FRAME-OPTIONS

Prevents clickjacking.

X-CONTENT-TYPE-OPTIONS

Prevents MIME-type sniffing.

X-XSS-PROTECTION

Blocks XSS attacks.

REFERRER-POLICY

Controls Referer header.

X-PERMITTED-CROSS-DOMAIN-POLICIES

Manages cross-domain requests.

STRICT-TRANSPORT-SECURITY

Ensures HTTPS-only access.

CONTENT-SECURITY-POLICY

Protects from XSS.

Connection

keep-alive

Content-Length

3800

Server

Apache

Last-Modified

Mon, 05 May 2025 19:34:01 GMT

ETag

"34aa-634689503a1db-gzip"

Content-Encoding

gzip

Access-Control-Allow-Origin

*

Content-Security-Policy

default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 'self' data: blob:;

Content-Type

text/html

Via

1.1 varnish, 1.1 varnish

Accept-Ranges

bytes

Age

11903

Date

Wed, 07 May 2025 17:48:52 GMT

X-Served-By

cache-hel1410029-HEL, cache-bom4747-BOM

X-Cache

HIT, HIT

X-Cache-Hits

64, 0

X-Timer

S1746640132.481261,VS0,VE1

Vary

Accept-Encoding

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload