Open
Cached
·
just now
24
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
connect-src; script-src; frame-src; +10 more
connect-src 'self' https:;script-src 'self' 'unsafe-inline' editor.unlayer.com;frame-src 'self' editor.unlayer.com;img-src 'self' data: blob: dl.airtable.com digitom-media.s3.ap-south-1.amazonaws.com https://active-fellowship-267a2ae36d.media.strapiapp.com https://active-fellowship-267a2ae36d.fra1.digitaloceanspaces.com https://active-fellowship-267a2ae36d.nyc3.digitaloceanspaces.com *.strapi.io;media-src 'self' data: blob: dl.airtable.com digitom-media.s3.ap-south-1.amazonaws.com https://active-fellowship-267a2ae36d.media.strapiapp.com https://active-fellowship-267a2ae36d.fra1.digitaloceanspaces.com https://active-fellowship-267a2ae36d.nyc3.digitaloceanspaces.com *.strapi.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
Origin
Caching Headers
1 headers
Cache-Control
private
Content Headers
1 headers
Content-Type
text/html; charset=utf-8
Server Headers
2 headers
Server
cloudflare
X-Powered-By
Strapi <strapi.io>
CORS Headers
2 headers
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
Cookies Headers
1 headers
Set-Cookie
__cf_bm=nJ.DwIa50LhnYcKGqLV5SULPT0me_69smAyOnWi3SP8-1771201953-1.0.1.1-o3QpKkQ9dmlk.xzqnntFpARVGSeKjqNwou_MmTs0IPeWq.v_qoXNb59PMk99IoAejnFRUI.uqXSSAk4UTWaQSeCCf5RIeHZ0kmHV1dfEJKY; path=/; expires=Mon, 16-Feb-26 01:02:33 GMT; domain=.active-fellowship-267a2ae36d.strapiapp.com; HttpOnly; Secure; SameSite=None
Other Headers
9 headers
Alt-Svc
h3=":443"; ma=86400
Cf-Cache-Status
MISS
Cf-Ray
9ce8f2cfd8191f6d-IAD
Date
Mon, 16 Feb 2026 00:32:33 GMT
X-Dns-Prefetch-Control
off
X-Do-App-Origin
4eec16a3-3700-43aa-ae86-b84ecda48d63
X-Do-Orig-Status
200
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology