Open
Cached
·
just now
18
Headers
Detected Technologies from Headers
AWS CloudFront
Chili Piper
Canny
Google Tag Manager
Bugsnag
G2
Fullstory
Mutiny
HubSpot Forms
Google DoubleClick
Google Analytics
Google Conversion Tracking
ClearBit
Mixpanel
Sprig
Segment
Google Static File Front End
Google API JS Client
Google Fonts
LinkedIn
Zendesk
Microsoft ASP.NET CDN
Zoom
Stripe
Slack
BootstrapCDN
Adobe Marketo
Microsoft SharePoint
Facebook
Amazon S3
DigitalOcean Spaces
Cloudflare CDNJS
Salesforce Pardot
PostHog
HubSpot
Intercom
YouTube
Sentry
jsDelivr
Google Cloud
Google Cloud Storage
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
connection: close
Caching Headers
No caching headers found
Content Headers
Content-Length
3
Content-Type
text/plain; charset=UTF-8
content-length: 3 content-type: text/plain; charset=UTF-8
Server Headers
No server headers found
CORS Headers
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
X-Requested-With,X-Prototype-Version,Content-Type,Cache-Control,Pragma,Origin,Cookie,Authorization,x-cluster-session
Access-Control-Allow-Methods
*
Access-Control-Allow-Origin
*
access-control-allow-credentials: false access-control-allow-headers: X-Requested-With,X-Prototype-Version,Content-Type,Cache-Control,Pragma,Origin,Cookie,Authorization,x-cluster-session access-control-allow-methods: * access-control-allow-origin: *
Cookies Headers
Other Headers
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Date
Mon, 23 Feb 2026 18:33:41 GMT
Via
1.1 google
X-Content-Security-Policy
default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://rollout.ada.support https://static.ada.support https://chilipipergen.ada.support https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://telemetryservice.firstpartyapps.oaspapps.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.cloudbees.io/ https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io https://*.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://*.lrkt-in.com https://*.lgrckt-in.com https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://*.gong.io https://hooks.slack.com https://api-inference.huggingface.co https://*.logr-ingest.com https://*.posthog.com https://*.candu.ai https://media.candulabs.com https://www.gstatic.com https://www.g2.com 'unsafe-inline' 'wasm-unsafe-eval'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
X-Permitted-Cross-Domain-Policies
master-only
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date: Mon, 23 Feb 2026 18:33:41 GMT via: 1.1 google x-content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://rollout.ada.support https://static.ada.support https://chilipipergen.ada.support https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://telemetryservice.firstpartyapps.oaspapps.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.cloudbees.io/ https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io https://*.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://*.lrkt-in.com https://*.lgrckt-in.com https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://*.gong.io https://hooks.slack.com https://api-inference.huggingface.co https://*.logr-ingest.com https://*.posthog.com https://*.candu.ai https://media.candulabs.com https://www.gstatic.com https://www.g2.com 'unsafe-inline' 'wasm-unsafe-eval'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline'; x-permitted-cross-domain-policies: master-only
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching