Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; img-src; frame-src; +5 more
default-src 'self' blob: https: data: 'unsafe-eval' 'unsafe-inline' wss://*.pusher.com wss://*.on-aptible.com/ wss://*.gethealthie.com/ wss://*.tokbox.com/ wss://*.theoriginway.com apis.google.com www.googletagmanager.com www.google-analytics.com *.googleapis.com fonts.gstatic.com *.theoriginway.com *.on-aptible.com *.stripe.com code.jquery.com *.launchdarkly.com *.helpscout.net *.mixpanel.com cdn.usefathom.com cdn.raygun.io *.trychameleon.com *.opentok.com cdn.tiny.cloud analytics.tiktok.com *.intercom.io cdn.amplitude.com www.clarity.ms *.pinimg.com cdn.heapanalytics.com bat.bing.com ct.pinterest.com connect.facebook.net cdn.jsdeliver.com js.intercomcdn.com js.userflow.com static.leaddyno.com use.fontawesome.com; img-src * blob: data:; frame-src 'self' https://*.theoriginway.com https: blob:; worker-src 'self' blob: data:; frame-ancestors 'self' https:; media-src 'self' http: https: blob: data:; report-uri https://report-to-api.raygun.com/reports?apikey=UZJFuGm8pxOvQrRGlh7CFw; report-to raygun;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
3 headers
Age
Caching
71023
Etag
Caching
"a6fe4a5b672fba2a53c5c3444fad69d1"
Last-Modified
Caching
Wed, 24 Dec 2025 02:45:08 GMT
Content Headers
2 headers
Content-Length
Content
4424
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
AmazonS3
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Sat, 27 Dec 2025 03:03:36 GMT
Reporting-Endpoints
Other
raygun="https://report-to-api.raygun.com/reports?apikey=UZJFuGm8pxOvQrRGlh7CFw"
Via
Other
1.1 7a02cda974acf43f625765ecd92319c8.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
CBtX0VGzPUrcuZJomr1HR9sHQ9nel1Eh5wjg0lu3SWqsLdqyjGPr3g==
X-Amz-Cf-Pop
Other
IAD89-P4
X-Cache
Other
Hit from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 146ms