Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; preload
Content-Security-Policy
Basic
base-uri; upgrade-insecure-requests; script-src; +5 more
base-uri 'self'; upgrade-insecure-requests; script-src 'self' *.filestackapi.com *.fontawesome.com *.chargebee.com *.appcues.com *.smartsuite.com *.statuspage.io *.intercomcdn.com messenger-apps.intercom.io webview.canny.io canny.io *.intercom.io js.intercomcdn.com hcaptcha.com *.hcaptcha.com cdn.useparagon.com cdn.mxpnl.com cdn4.mxpnl.com googleads.g.doubleclick.net www.googletagmanager.com maps.googleapis.com apis.google.com js.partnerstack.com accounts.google.com ajax.googleapis.com cdnjs.cloudflare.com unpkg.com player.vimeo.com connect.facebook.net youtube.com www.youtube.com static.hotjar.com snap.licdn.com script.hotjar.com *.twitter.com static.files.smartsuite.com google.com www.google.com www.gstatic.com gstatic.com www.drive.google.con drive.google.com *.github.io *.pages.dev *.vercel.app *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' *.smartsuite.com *.statuspage.io *.intercomcdn.com messenger-apps.intercom.io webview.canny.io canny.io static.filestackapi.com *.typekit.net *.chargebee.com *.appcues.com hcaptcha.com *.hcaptcha.com fonts.googleapis.com youtube.com www.youtube.com static.files.smartsuite.com 'unsafe-inline'; font-src 'self' data: *.smartsuite.com *.statuspage.io *.intercomcdn.com messenger-apps.intercom.io webview.canny.io canny.io *.fontawesome.com fonts.gstatic.com use.typekit.net unpkg.com fonts.intercomcdn.com; manifest-src 'self' *.smartsuite.com *.statuspage.io *.intercomcdn.com messenger-apps.intercom.io webview.canny.io canny.io; form-action 'self' *.smartsuite.com *.statuspage.io *.intercomcdn.com messenger-apps.intercom.io webview.canny.io canny.io
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
accelerometer=(), camera=*, geolocation=(), gyroscope=(), magnetometer=(), microphone=*, payment=(), usb=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
0 headers
No caching headers found
Content Headers
2 headers
Content-Length
Content
23
Content-Type
Content
application/json
Server Headers
1 headers
Server
Server
CloudFront
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Thu, 01 Jan 2026 18:15:10 GMT
Via
Other
1.1 2174e600dd54879ba9f49d0337eeb2dc.cloudfront.net (CloudFront)
X-Amz-Apigw-Id
Other
WhHzYE9CiYcFooQ=
X-Amz-Cf-Id
Other
5TowCVpYAoWmjrFEtoS1A59w9BWLdFgy2A5rnNbGXwV2b4IiVcKoLg==
X-Amz-Cf-Pop
Other
IAD55-P1
X-Amzn-Errortype
Other
ForbiddenException
X-Amzn-Requestid
Other
5f95a75f-6740-426c-af5e-5404dfda93b3
X-Cache
Other
Error from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching