Check Detail
filehippo.com · HEADER
Passed
Grade B
84.6%
Result Detail
HEADERAlerts
- Cross-Origin-Embedder-Policy: Header missing
- Expect-CT: Expect-CT missing
- Access-Control-Allow-Origin: Access-Control-Allow-Origin missing
Normalized headers
| content-security-policy | upgrade-insecure-requests |
|---|---|
| cross-origin-opener-policy | same-origin |
| cross-origin-resource-policy | same-origin |
| origin-agent-cluster | ?1 |
| referrer-policy | strict-origin-when-cross-origin |
| strict-transport-security | max-age=63072000; includeSubDomains; preload |
| x-content-type-options | nosniff |
| x-dns-prefetch-control | off |
| x-download-options | noopen |
| x-frame-options | SAMEORIGIN |
| x-permitted-cross-domain-policies | none |
| x-xss-protection | 0 |
| x-version | 1.982.0 |
| x-resource-id | @filehippo/home |
| x-page-id | home |
| x-request-id | 4045731970 |
| permissions-policy | accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=() |
| content-language | en-US |
| cache-control | public,max-age=86400,stale-while-revalidate=600,stale-if-error=31536000 |
| content-type | text/html;charset=utf-8 |
| etag | "zvRSQM+9t8w6IYWPs1LplXCF3PY=" |
| access-control-expose-headers | x-country-code,x-region |
| accept-ranges | bytes |
| date | Wed, 15 Oct 2025 01:49:34 GMT |
| age | 75916 |
| vary | Accept-Encoding |
| x-country-code | DE |
| x-region | BW |
| set-cookie | _swo_pos=5; domain=filehippo.com; max-age=1296000; path=/; secure; ber-country-code=DE; domain=filehippo.com; max-age=1800; path=/; secure; ber-city=neuhausen auf den fildern; domain=filehippo.com; max-age=1800; path=/; secure; ber-region=BW; domain=filehippo.com; max-age=1800; path=/; secure; ber-browser-name=chrome; domain=filehippo.com; max-age=1800; path=/; secure; ber-user-platform-id=windows; domain=filehippo.com; max-age=1800; path=/; secure; ber-device-type=desktop; domain=filehippo.com; max-age=1800; path=/; secure; ber-is-bot=false; domain=filehippo.com; max-age=1800; path=/; secure; ber-is-landing=true; domain=filehippo.com; max-age=1800; path=/; secure; ber-utm-medium=organic; domain=filehippo.com; max-age=1800; path=/; secure; ber-utm-source=; domain=filehippo.com; max-age=1800; path=/; secure; ber-utm-campaign=; domain=filehippo.com; max-age=1800; path=/; secure; utm=medium=organic; domain=filehippo.com; max-age=2592000; path=/; secure |
| alt-svc | h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 |
| content-length | 119460 |
Transport
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Strict-Transport-Security | ✅ Passed | max-age=63072000; includeSubDomains; preload | max-age>=15768000; includeSubDomains; preload | HSTS policy robust | Critical | Strict-Transport-Security: max-age=63072000; includeSubDomains; preload |
| Expect-CT | ❌ Missing | enforce; max-age>=86400 | Expect-CT missing | Medium | Expect-CT: enforce, max-age=86400, report-uri="https://report.example.com" |
Content Security
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Content-Security-Policy | ✅ Passed | upgrade-insecure-requests | default-src 'self'; frame-ancestors 'none' | default-src 'self'; frame-ancestors 'none' | Critical | Content-Security-Policy: default-src 'self'; frame-ancestors 'none' |
MIME
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Content-Type-Options | ✅ Passed | nosniff | nosniff | Value matches recommendation | High | X-Content-Type-Options: nosniff |
Framing
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Frame-Options | ✅ Passed | SAMEORIGIN | DENY or SAMEORIGIN | Value accepted | High | X-Frame-Options: DENY |
Privacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Referrer-Policy | ✅ Passed | strict-origin-when-cross-origin | strict-origin-when-cross-origin / same-origin | strict-origin-when-cross-origin | Medium | Referrer-Policy: strict-origin-when-cross-origin |
Browser Features
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Permissions-Policy | ✅ Passed | accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=() | camera=(); geolocation=(); microphone=() | camera=(); geolocation=(); microphone=() | Medium | Permissions-Policy: camera=(), geolocation=(), microphone=() |
Cross-Origin
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cross-Origin-Opener-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | High | Cross-Origin-Opener-Policy: same-origin |
| Cross-Origin-Embedder-Policy | ❌ Missing | require-corp | Header missing | High | Cross-Origin-Embedder-Policy: require-corp | |
| Cross-Origin-Resource-Policy | ✅ Passed | same-origin | same-origin | Value matches recommendation | Medium | Cross-Origin-Resource-Policy: same-origin |
| Origin-Agent-Cluster | ✅ Passed | ?1 | ?1 | Value matches recommendation | Low | Origin-Agent-Cluster: ?1 |
Caching
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Cache-Control | ✅ Passed | public,max-age=86400,stale-while-revalidate=600,stale-if-error=31536000 | no-store, private, max-age=0 | no-store, private, max-age=0 | High | Cache-Control: no-store, private, max-age=0 |
Legacy
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| X-Permitted-Cross-Domain-Policies | ✅ Passed | none | none | Value matches recommendation | Low | X-Permitted-Cross-Domain-Policies: none |
CORS
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Access-Control-Allow-Origin | ❌ Missing | Scoped origin (no wildcard) | Access-Control-Allow-Origin missing | Medium | Access-Control-Allow-Origin: https://app.example.com |
Information Disclosure
| Check name | Status | Actual | Expected | Detail | Severity | Recommendation |
|---|---|---|---|---|---|---|
| Server | ✅ Passed | Header removed or generic | Header not exposed | High | Remove Server header or set to a generic token | |
| X-Powered-By | ✅ Passed | Header removed | Header not exposed | High | Remove X-Powered-By header | |
| X-AspNet-Version | ✅ Passed | Header removed | Header not exposed | Medium | Remove framework version headers |
Raw headers
HTTP/2 200 content-security-policy: upgrade-insecure-requests cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-dns-prefetch-control: off x-download-options: noopen x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-xss-protection: 0 x-version: 1.982.0 x-resource-id: @filehippo/home x-page-id: home x-request-id: 4045731970 permissions-policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=() content-language: en-US cache-control: public,max-age=86400,stale-while-revalidate=600,stale-if-error=31536000 content-type: text/html;charset=utf-8 etag: "zvRSQM+9t8w6IYWPs1LplXCF3PY=" access-control-expose-headers: x-country-code,x-region accept-ranges: bytes date: Wed, 15 Oct 2025 01:49:34 GMT age: 75916 vary: Accept-Encoding x-country-code: DE x-region: BW set-cookie: _swo_pos=5; domain=filehippo.com; max-age=1296000; path=/; secure set-cookie: ber-country-code=DE; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-city=neuhausen auf den fildern; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-region=BW; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-browser-name=chrome; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-user-platform-id=windows; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-device-type=desktop; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-is-bot=false; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-is-landing=true; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-utm-medium=organic; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-utm-source=; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: ber-utm-campaign=; domain=filehippo.com; max-age=1800; path=/; secure set-cookie: utm=medium=organic; domain=filehippo.com; max-age=2592000; path=/; secure alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 119460