Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; img-src; +7 more
default-src 'self' *.bizzabo.com *.ext.dev.bizzabo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * *.bizzabo.com *.ext.dev.bizzabo.com *.algolianet.com https://www.google-analytics.com https://assets.zendesk.com https://static.zdassets.com https://eum.instana.io https://cdnjs.cloudflare.com https://cdn.mxpnl.com https://web-sdk.aptrinsic.com https://www.fullstory.com https://assets.zendesk.com https://widget.intercom.io https://widget.cloudinary.com https://js.intercomcdn.com https://widget-mediator.zopim.com *.twitter.com https://api.filepicker.io https://fast.wistia.net https://js.stripe.com https://dme0ih8comzn4.cloudfront.net https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://api.rollbar.com https://core.spreedly.com https://www.googletagmanager.com https://js.hs-analytics.net *.facebook.net *.facebook.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.adroll.com https://cdn.transifex.com https://cdn.mxpnl.com; img-src 'self' data: blob: * *.bizzabo.com *.ext.dev.bizzabo.com https://www.google-analytics.com https://assets.zendesk.com https://res.cloudinary.com https://stats.g.doubleclick.net https://s3.amazonaws.com https://q.stripe.com https://platform.slack-edge.com https://maps.gstatic.com https://maps.googleapis.com https://media.licdn.com https://logo.clearbit.com https://storage.googleapis.com https://web-sdk.aptrinsic.com/; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' * *.bizzabo.com *.ext.dev.bizzabo.com https://fonts.googleapis.com https://assets.zendesk.com https://web-sdk.aptrinsic.com https://fast.fonts.net https://s3.amazonaws.com; font-src 'self' data: * *.bizzabo.com *.ext.dev.bizzabo.com https://fonts.googleapis.com https://fonts.gstatic.com https://web-sdk.aptrinsic.com https://js.intercomcdn.com; frame-src 'self' data: KalturaWebcast: kalturawebcast: * *.cloudfront.net *.bizzabo.com *.ext.dev.bizzabo.com https://assets.zendesk.com https://dialog.filepicker.io https://www.filepicker.io https://looker.bizzabo.com https://bizzabo.api.looker.com https://www.google.com https://fast.wistia.net https://js.stripe.com https://widget.cloudinary.com https://core.spreedly.com https://www.googletagmanager.com; connect-src 'self' * *.bizzabo.com *.ext.dev.bizzabo.com https://*.algolia.net *.algolianet.com wss://*.ext.dev.bizzabo.com wss://realtime.bizzabo.com wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com https://s3.amazonaws.com https://rs.fullstory.com https://esp.aptrinsic.com https://api-iam.intercom.io https://eum-eu-west-1.instana.io https://ekr.zdassets.com https://api.mixpanel.com https://bizzabo.zendesk.com https://api.rollbar.com https://www.filepicker.io https://*.agora.io https://*.edge.agora.io https://*.sd-rtn.com https://*.edge.sd-rtn.com https://*.ap.sd-rtn.com https://*.statscollector.sd-rtn.com wss://*.agora.io wss://*.sd-rtn.com wss://*.ap.sd-rtn.com wss://*.statscollector.sd-rtn.com wss://*.edge.agora.io wss://*.edge.sd-rtn.com https://webrtc-cloud-proxy.sd-rtn.com wss://webrtc-cloud-proxy.sd-rtn.com; media-src 'self' blob: * *.bizzabo.com *.ext.dev.bizzabo.com https://static.zdassets.com https://media.licdn.com https://s3.amazonaws.com; object-src 'self' * https://res.cloudinary.com; child-src 'self' *.bizzabo.com *.ext.dev.bizzabo.com blob:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
0 headers
No caching headers found
Content Headers
2 headers
Content-Length
Content
21
Content-Type
Content
text/plain; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=TMH94cvL14Jgaa6u2PWGLD4da4Pb3eR0AzV3XIS_yqI-1768517764144-0.0.1.1-604800000; path=/; domain=.bizzabo.com; HttpOnly; Secure; SameSite=None
Other Headers
5 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Apo-Via
Other
origin,host
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9be8f6d959da57ee-IAD
Date
Other
Thu, 15 Jan 2026 22:56:04 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching