| Score |
|---|
G |
| Missing Header | Description |
|---|---|
| Strict-Transport-Security | Enforces secure (HTTP over SSL/TLS) connections to the server. |
| Content-Security-Policy | Helps prevent Cross-Site Scripting (XSS) attacks. |
| Referrer-Policy | Controls how much referrer information should be included with requests. |
| Permissions-Policy | Manages which browser features and APIs a page can use. |
| Expect-CT | Ensures that browsers enforce Certificate Transparency. |
| Access-Control-Allow-Origin | Controls which origins are allowed to access resources on the server. |
| Header Issue |
|---|
| X-XSS-Protection should be 1; mode=block |
| Header Name | Value |
|---|---|
| Content-Type | application/binary |
| Cache-Control | no-cache, no-store, max-age=0, must-revalidate |
| Pragma | no-cache |
| Expires | Mon, 01 Jan 1990 00:00:00 GMT |
| Date | Sun, 02 Mar 2025 11:45:57 GMT |
| Location | https://aistudio.google.com/ |
| Content-Length | 0 |
| Server | ESF |
| X-XSS-Protection | 0 |
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |