Header über PHP build
with plugin Header, Sicherheit, Erweitert & HSTS, WP
Without cache
curl -I https://www.it-tkcloud.de/
HTTP/2 200
server: openresty
date: Thu, 04 Jun 2026 13:55:14 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.31
vary: Accept-Encoding,Cookie
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Authorization
content-security-policy: frame-ancestors 'self'; object-src 'self'; base-uri 'self';
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), fullscreen=(self), clipboard-write=(self)
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
link: https://www.it-tkcloud.de/wp-json/; rel="https://api.w.org/"
link: https://www.it-tkcloud.de/wp-json/wp/v2/pages/168; rel="alternate"; title="JSON"; type="application/json"
link: https://www.it-tkcloud.de/; rel=shortlink
x-served-by: www.it-tkcloud.de
with cache (simple)
curl -I https://www.it-tkcloud.de/
HTTP/2 200
server: openresty
date: Thu, 04 Jun 2026 13:56:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.31
vary: Accept-Encoding,Cookie
content-security-policy: frame-ancestors 'self'; object-src 'self'; base-uri 'self';
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: DENY
link: https://www.it-tkcloud.de/wp-json/; rel="https://api.w.org/", https://www.it-tkcloud.de/wp-json/wp/v2/pages/168; rel="alternate"; title="JSON"; type="application/json", https://www.it-tkcloud.de/; rel=shortlink
x-served-by: www.it-tkcloud.de
Not all policies who generatet with PHP are in the static cache side.
I need the policy
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), fullscreen=(self), clipboard-write=(self)
Header über PHP build
with plugin Header, Sicherheit, Erweitert & HSTS, WP
Without cache
curl -I https://www.it-tkcloud.de/
HTTP/2 200
server: openresty
date: Thu, 04 Jun 2026 13:55:14 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.31
vary: Accept-Encoding,Cookie
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Authorization
content-security-policy: frame-ancestors 'self'; object-src 'self'; base-uri 'self';
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), fullscreen=(self), clipboard-write=(self)
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
link: https://www.it-tkcloud.de/wp-json/; rel="https://api.w.org/"
link: https://www.it-tkcloud.de/wp-json/wp/v2/pages/168; rel="alternate"; title="JSON"; type="application/json"
link: https://www.it-tkcloud.de/; rel=shortlink
x-served-by: www.it-tkcloud.de
with cache (simple)
curl -I https://www.it-tkcloud.de/
HTTP/2 200
server: openresty
date: Thu, 04 Jun 2026 13:56:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.31
vary: Accept-Encoding,Cookie
content-security-policy: frame-ancestors 'self'; object-src 'self'; base-uri 'self';
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: DENY
link: https://www.it-tkcloud.de/wp-json/; rel="https://api.w.org/", https://www.it-tkcloud.de/wp-json/wp/v2/pages/168; rel="alternate"; title="JSON"; type="application/json", https://www.it-tkcloud.de/; rel=shortlink
x-served-by: www.it-tkcloud.de
Not all policies who generatet with PHP are in the static cache side.
I need the policy
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), fullscreen=(self), clipboard-write=(self)