19 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://snap.licdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://js.zi-scripts.com https://cdn.segment.com https://www.gstatic.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://scripts.clarity.ms https://dc.services.visualstudio.com https://js.monitor.azure.com https://player.vimeo.com https://vimeo.com https://www.youtube.com https://youtu.be https://sc.lfeeder.com https://unpkg.com https://d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net https://ddwl4m2hdecbv.cloudfront.net https://cdn.cookielaw.org https://pi.pardot.com https://cdn.pardot.com https://marketing.altudo.co; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://snap.licdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://js.zi-scripts.com https://cdn.segment.com https://www.gstatic.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://scripts.clarity.ms https://dc.services.visualstudio.com https://js.monitor.azure.com https://player.vimeo.com https://vimeo.com https://www.youtube.com https://youtu.be https://sc.lfeeder.com https://unpkg.com https://d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net https://ddwl4m2hdecbv.cloudfront.net https://cdn.cookielaw.org https://pi.pardot.com https://cdn.pardot.com https://marketing.altudo.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net 
https://use.typekit.net; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; connect-src 'self' https://altudo-marketing-prod-367860-single.azurewebsites.net https://altudo-marketing-prod-367860-single.azurewebsites.net https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://api.segment.io https://eastus-8.in.applicationinsights.azure.com https://dc.services.visualstudio.com https://api-engage.sitecorecloud.io https://ws.zoominfo.com https://api.turbohire.co https://cdn.segment.com https://altudo-privacy.my.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://*.clarity.ms https://js.zi-scripts.com https://px.ads.linkedin.com https://www.google.com https://noembed.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://pro.ip-api.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://*.pardot.com https://*.salesforce.com; img-src 'self' data: blob: https: https://*.pardot.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net data:; frame-src https://player.vimeo.com https://www.youtube.com https://calendly.com https://www.googletagmanager.com; media-src 'self' https: blob:; worker-src 'self' blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
s-maxage=60, stale-while-revalidate
Etag
Caching
"4epjslg95h3rai"
Content Headers
2 headers
Content-Length
Content
175384
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Microsoft-IIS/10.0
X-Powered-By
Server
ASP.NET
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
ARRAffinitySameSite=c187fde335071a7fdc9f871543453b91fe00f48cf7b8a6a1586b4beccdd89ba8;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.altudo.co
Other Headers
3 headers
Date
Other
Thu, 15 Jan 2026 09:57:24 GMT
X-Nextjs-Cache
Other
HIT
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology