{
    "url": "https://www.purnells.co.uk/what-happens-when-a-company-goes-into-liquidation",
    "score": 6,
    "summary": {
        "missing": 10,
        "warnings": 1,
        "notices": 0
    },
    "caches": [
        "Website",
        "Browser"
    ],
    "headers": {
        "cache-control": {
            "value": "\"no-store\"",
            "findings": [
                {
                    "severity": "warning",
                    "message": "<code>no-store</code> means the response may <em>not</em> be stored in <em>any</em> cache, including the browser's cache. Every request will hit the origin server. If this page can be cached, consider using <code>public</code> with an appropriate <code>max-age</code>."
                }
            ]
        },
        "content-type": {
            "value": "text/html; charset=utf-8",
            "findings": [
                {
                    "severity": "info",
                    "message": "The type of the message body, specified as a <a href=\"https://en.wikipedia.org/wiki/Media_type\">MIME type</a>."
                }
            ]
        },
        "content-encoding": {
            "value": "gzip",
            "findings": [
                {
                    "severity": "info",
                    "message": "Specifies how the resource is <em>compressed</em>. Not to be confused with <code>Transfer-Encoding</code> which specifies how the data is transferred."
                },
                {
                    "severity": "info",
                    "message": "<code>gzip</code> means that the data is compressed with <code>gzip</code>."
                }
            ]
        },
        "vary": {
            "value": "accept-encoding",
            "findings": [
                {
                    "severity": "info",
                    "message": "The <code>Vary</code> header specifies a list of headers that must be considered when caching responses. For a cached response to be used, these headers must match between the cached response and the new request. This ensures that the appropriate version of a resource is served based on factors like language, encoding, or device type."
                }
            ]
        },
        "date": {
            "value": "fri, 26 jun 2026 22:03:23 gmt",
            "findings": [
                {
                    "severity": "info",
                    "message": "The date and time at which the request was made. A browser uses it for age calculations rather than using its own internal date and time; e.g. when comparing against <code>Max-Age</code> or <code>Expires</code>."
                }
            ]
        },
        "content-length": {
            "value": "10224",
            "findings": [
                {
                    "severity": "info",
                    "message": "The size of the message body, in bytes."
                }
            ]
        }
    },
    "missing": {
        "strict-transport-security": {
            "message": "Add a <code>Strict-Transport-Security</code> header. The <code>Strict-Transport-Security</code> header or <i>HSTS</i> header is used to instruct browsers to only use HTTPS, instead of using HTTP. It helps enforce secure communication."
        },
        "content-security-policy": {
            "message": "Add a <code>Content-Security-Policy</code> header. The <code>Content-Security-Policy</code> header helps browsers prevent cross site scripting (XSS) and data injection attacks."
        },
        "referrer-policy": {
            "message": "Add a <code>Referrer-Policy</code> header. When a visitor navigates from one page to another, browsers often pass along <em>referrer information</em>. The <code>Referrer-Policy</code> header controls how much referrer information a browser can share. This is important to configure when private information is embedded in the <i>path</i> or <i>query string</i> and passed onto an external destination."
        },
        "permissions-policy": {
            "message": "Add a <code>Permissions-Policy</code> header. Restrict access to device features like the camera, microphone, location, accelerometer and much more."
        },
        "cross-origin-embedder-policy": {
            "message": "Add a <code>Cross-Origin-Embedder-Policy</code> header. It requires cross-origin resources to explicitly consent before this page can load them, protecting those resources from being exposed to Spectre-style timing attacks. Together with <code>Cross-Origin-Opener-Policy</code>, it enables cross-origin isolation and access to <code>SharedArrayBuffer</code>."
        },
        "cross-origin-opener-policy": {
            "message": "Add a <code>Cross-Origin-Opener-Policy</code> header. It prevents other sites from retaining a <code>window</code> reference to this page when opened via <code>window.open()</code> or navigation, blocking script-based attacks through shared browsing contexts."
        },
        "cross-origin-resource-policy": {
            "message": "Add a <code>Cross-Origin-Resource-Policy</code> header. It controls which origins can embed or load this page's resources (images, scripts, etc.), preventing hotlinking and cross-origin data leaks."
        },
        "x-frame-options": {
            "message": "Add a <code>X-Frame-Options</code> header. The <code>X-Frame-Options</code> header prevents this URL from being embedded in an <code>iframe</code>. This protects against clickjacking attacks. Alternatively, set a <code>Content-Security-Policy</code> header with a <code>frame-ancestors</code> directive."
        },
        "x-content-type-options": {
            "message": "Add an <code>X-Content-Type-Options: nosniff</code> header to prevent browsers from MIME type sniffing. Without it, browsers may interpret files as a different content type than intended, which can lead to security vulnerabilities."
        },
        "x-permitted-cross-domain-policies": {
            "message": "Add a <code>X-Permitted-Cross-Domain-Policies</code> header to prevent Flash, Adobe Reader and other clients from sharing data across domains."
        }
    }
}