Overall Security Grade
The security headers for initial-example.com have been analyzed, resulting in a grade of D. The configuration is generally good, with potential for minor enhancements.
HTTPS Available
Site is accessible via HTTPS.
Redirects to HTTPS
HTTP traffic is automatically redirected to HTTPS.
Detected HTTP Headers
Strict-Transport-Security: example-insecure-value; some-flag
Ensures browsers only connect via HTTPS.
Recommendation:
Review the configuration of Strict-Transport-Security for optimal security. Expected: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: Header not detected.
Controls resources the browser is allowed to load.
Recommendation:
The Content-Security-Policy header is missing. Implementing it is recommended for enhanced security.
X-Frame-Options: example-insecure-value; some-flag
Protects against clickjacking attacks.
Recommendation:
Review the configuration of X-Frame-Options for optimal security. Expected: SAMEORIGIN
X-Content-Type-Options: nosniff
Prevents MIME-sniffing.
Referrer-Policy: Header not detected.
Controls how much referrer information is sent.
Recommendation:
The Referrer-Policy header is missing. Implementing it is recommended for enhanced security.
Permissions-Policy: geolocation=(), microphone=(), camera=()
Controls access to browser features.
Server: MockServer/0.4
Information about the web server software.
Date: Sat, 06 Dec 2025 15:56:11 GMT
The date and time the message was originated.
Content-Type: text/html; charset=utf-8
The media type of the resource.
General Recommendations
Enable HTTPS
Ensure your website is served over HTTPS to encrypt data in transit.
Keep Software Updated
Regularly update your server software, CMS, and plugins to patch vulnerabilities.