Overall Security Grade
The security headers for another-site.dev have been analyzed, resulting in a grade of D. The configuration is generally good, with potential for minor enhancements.
HTTPS Available
Site is accessible via HTTPS.
Redirects to HTTPS
HTTP traffic is automatically redirected to HTTPS.
Detected HTTP Headers
Strict-Transport-Security: example-insecure-value; some-flag
Ensures browsers only connect via HTTPS.
Recommendation:
Review the configuration of Strict-Transport-Security for optimal security. Expected: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none';
Controls resources the browser is allowed to load.
X-Frame-Options: Header not detected.
Protects against clickjacking attacks.
Recommendation:
The X-Frame-Options header is missing. Implementing it is recommended for enhanced security.
X-Content-Type-Options: nosniff
Prevents MIME-sniffing.
Referrer-Policy: example-insecure-value; some-flag
Controls how much referrer information is sent.
Recommendation:
Review the configuration of Referrer-Policy for optimal security. Expected: strict-origin-when-cross-origin
Permissions-Policy: example-insecure-value; some-flag
Controls access to browser features.
Recommendation:
Review the configuration of Permissions-Policy for optimal security. Expected: geolocation=(), microphone=(), camera=()
Server: MockServer/3.15
Information about the web server software.
Date: Sat, 06 Dec 2025 15:56:33 GMT
The date and time the message was originated.
Content-Type: text/html; charset=utf-8
The media type of the resource.
General Recommendations
Enable HTTPS
Ensure your website is served over HTTPS to encrypt data in transit.
Keep Software Updated
Regularly update your server software, CMS, and plugins to patch vulnerabilities.