23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
script-src; object-src; font-src; +5 more
script-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com *.braintree-api.com hcaptcha.com *.hcaptcha.com www.hey.com *.sentry-cdn.com beacon-v2.helpscout.net 'nonce-da39a3ee5e6b4b0d3255bfef95601890afd80709'; object-src 'self'; font-src 'self' blob: data: fonts.gstatic.com https://gopher.hey.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://gopher.hey.com; img-src 'self' blob: data: storage.hey.com d33v4339jhl8k0.cloudfront.net https://gopher.hey.com hcaptcha.com *.hcaptcha.com world.hey.com; base-uri 'none'; form-action 'self'; frame-ancestors 'self'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Sec-Fetch-Site
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"5927c93c17b9e28873c2b8d579810329"
Content Headers
2 headers
Content-Length
Content
83453
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.008016
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_haystack_session=JlPY%2BxS8F%2BWN4z3NrSYAug6HdE8YBXkCeTyXdhecTCuQZf09CtGJe9yFiKyitvJRqNs3S7fB8lpC8pL6j7AWNx8q7eBwQDAGgGOZ9JAaaorSnE2asbySsjKPMQ3LhWUP%2FQuMzlnvVPjp3rC2HUCP6Vb5NDWKIuDnSwALb6OgO2EvVXc5lkfu4uT36WFdmV7nMa7rBMXNFNLGZPO8x2cQw8pM4JS0qZ%2FJdIifrb7lsuGFG3VdxREIXG0TiDiqOPPFfxE%2BnInIbXFB8nvEwkYcHQIL5uqi9Kdofw%3D%3D--bhwnbRHxvhlyTpAc--MDWQOVr%2B3JgfSNHtwKEKrA%3D%3D; path=/; secure; httponly; samesite=lax
Other Headers
8 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9be9321f6efee63f-IAD
Date
Other
Thu, 15 Jan 2026 23:36:31 GMT
Link
Other
</assets/date_time_picker-28c42b12.css>; rel=preload; as=style; nopush,</assets/web/accounts-c1c0ad40.css>; rel=preload; as=style; nopush,</assets/web/actiontext-873d4552.css>; rel=preload; as=style; nopush,</assets/web/animation-keyframes-33d67fce.css>; rel=preload; as=style; nopush,</assets/web/attachments-ical-5cf13a1b.css>; rel=preload; as=style; nopush,</assets/web/attachments-ed80a69b.css>; rel=preload; as=style; nopush,</assets/web/base-a2fa4d53.css>; rel=preload; as=style; nopush,</assets/web/blank-slates-a88494f3.css>; rel=preload; as=style; nopush,</assets/web/box-cover-12857074.css>; rel=preload; as=style; nopush,</assets/web/box-glance-693113b1.css>; rel=preload; as=style; nopush,</assets/web/box-groups-9a1e253c.css>; rel=preload; as=style; nopush,</assets/web/calendar/countdowns-695b6442.css>; rel=preload; as=style; nopush,</assets/web/calendar/days-d2b6bf6b.css>; rel=preload; as=style; nopush,</assets/web/calendar/event-popup-7fe2c832.css>; rel=preload; as=style; nopush
Server-Timing
Other
dc;desc=df_iad
X-Permitted-Cross-Domain-Policies
Other
none
X-Ratelimit
Other
{"name":"General","period":60,"limit":1000,"remaining":998,"until":"2026-01-15T23:37:00Z"}
X-Request-Id
Other
3896a0ec-c6a7-44ca-b914-c1cce683409a
Recommendations
Enable compression (gzip/brotli) to improve performance