Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
upgrade-insecure-requests; default-src; object-src; +12 more
upgrade-insecure-requests; default-src 'self'; object-src 'none'; frame-ancestors 'self' embed.oneschema.co; form-action 'self'; img-src 'self' data: *.slack-edge.com *.getbeamer.com *.usepylon.com *.s3.eu-west-2.amazonaws.com *.s3.us-west-1.amazonaws.com *.s3.us-east-1.amazonaws.com *.cloudfront.net images.g2crowd.com google.com *.gstatic.com flagcdn.com; font-src 'self' fonts.gstatic.com *.usepylon.com *.getbeamer.com; base-uri 'self'; child-src 'self' blob: embed.oneschema.co; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' internet-up.ably-realtime.com *.usepylon.com *.getbeamer.com cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.lrkt-in.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.usepylon.com *.getbeamer.com; connect-src 'self' https: wss: data: internet-up.ably-realtime.com https://cube.omnea.co/cubejs-api/v1/load api.courier.com/client/q *.getbeamer.com https://omnea-app-production.hasura.app/v1/graphql https://api-prod.omnea.co wss://*.execute-api.us-east-1.amazonaws.com *.usepylon.com *.pusher.com *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com *.ingest-lr.com *.lr-intake.com *.intake-lr.com *.logr-ingest.com *.lrkt-in.com; frame-src 'self' blob: cdn.merge.dev/ embed.oneschema.co/ production-omnea-documents.s3.eu-west-2.amazonaws.com/ *.getbeamer.com; script-src-elem 'self' 'unsafe-inline' cdn.segment.com/ cdn.lr-in-prod.com cdn.merge.dev cdn.logr-ingest.com cdn.lrkt-in.com *.usepylon.com *.getbeamer.com
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
keep-alive
Vary
Performance
Origin
Caching Headers
3 headers
Age
Caching
1472
Cache-Control
Caching
public, max-age=0, s-maxage=31536000, must-revalidate
Etag
Caching
"gtmjecz2hz2c3"
Content Headers
2 headers
Content-Length
Content
3027
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Date
Other
Wed, 19 Nov 2025 16:42:46 GMT
Document-Policy
Other
js-profiling
Via
Other
1.1 eafa30ac9eebc826d698b6b51868b24a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
-xYFBz35aKatuhYOEpEA1kadFd-Jy_-bNDLSOi9SPZ3L_JWet01prA==
X-Amz-Cf-Pop
Other
IAD55-P6
X-Amzn-Remapped-Content-Length
Other
3027
X-Amzn-Requestid
Other
220acadd-eb91-418e-ac93-947b226baebd
X-Amzn-Trace-Id
Other
Root=1-691df386-21aba59b701d09de10be5736;Parent=080eaab70e004b8e;Sampled=0;Lineage=1:399252e2:0
X-Cache
Other
Hit from cloudfront
X-Dns-Prefetch-Control
Other
on
X-Opennext
Other
1
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 63ms