Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000; includeSubDomains
Content-Security-Policy
Basic
frame-ancestors; script-src; connect-src; +1 more
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amplitude.com/ https://*.contentsquare.net https://*.productfruits.com/ https://*.heapanalytics.com https://unpkg.com blob: https://cdnjs.cloudflare.com https://*.stripe.com https://*.azure.net/ https://maps.googleapis.com https://*.statuspage.io https://www.googletagmanager.com https://checkout.flutterwave.com;connect-src 'self' file: data: blob: filesystem: https://*.contentsquare.net https://*.heapanalytics.com https://*.azurewebsites.net https://*.emtech.com https://*.stripe.com https://*.blob.core.windows.net https://*.azure.net https://*.atlassian.com https://www.google-analytics.com https://*.amplitude.com https://*.productfruits.com https://*.metabaseapp.com https://api.flutterwave.com https://api.ravepay.co;frame-src https://*.stripe.com https://*.azure.net https://*.statuspage.io https://*.emtech.com https://*.amplitude.com https://*.productfruits.com https://*.metabaseapp.com blob: https://checkout-v3-ui-prod.f4b-flutterwave.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
geolocation=(), camera=(), microphone=(), accelerometer=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Content-Type-Options: nosniff
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Origin
Caching Headers
3 headers
Cache-Control
Caching
no-cache, no-store
Etag
Caching
"0x8DE20F3F671CEED"
Last-Modified
Caching
Tue, 11 Nov 2025 07:28:51 GMT
Content Headers
2 headers
Content-Length
Content
32465
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Fri, 02 Jan 2026 03:58:36 GMT
X-Azure-Ref
Other
20260102T035835Z-16cb8b7df7fdjrhbhC1BL19v9c00000006f000000000drrd
X-Cache
Other
TCP_MISS
X-Fd-Int-Roxy-Purgeid
Other
73811534
X-Ms-Request-Id
Other
596e1697-801e-0028-0b9c-7bd4e7000000
X-Ms-Version
Other
2018-03-28
Recommendations
Enable compression (gzip/brotli) to improve performance