HTTP Headers Analysis for https://app.superpath.io

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Basic

default-src; img-src; media-src; +10 more

default-src 'self'; img-src * 'unsafe-inline' 'self' data: *.foundu.com.au *.genially.com *.calendly.com https://calendly.com *.jotform.com *.jotfor.ms; media-src * https://res.cloudinary.com; font-src 'self' https://fonts.gstatic.com https://pro.fontawesome.com https://client.crisp.chat *.genially.com *.jotform.com *.jotfor.ms https://calendly.com *.calendly.com https://js.stripe.com data: https://frill-prod-app.b-cdn.net; worker-src 'self' blob: https://app.superpath.io; style-src 'self' 'unsafe-inline' https://app.superpath.io https://fonts.googleapis.com https://pro.fontawesome.com https://client.crisp.chat *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev *.genially.com *.calendly.com *.jotform.com *.jotfor.ms https://calendly.com https://statics-view.genially.com https://widget.frill.co https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; script-src 'sha256-GvESGdHqY5vKpJeULYmOEvPfngE2Zb622GG30iiaU1U=' 'self' * 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com https://app.superpath.io *.google-analytics.com https://client.crisp.chat https://cdn.headwayapp.co/widget.js https://cdn.jsdelivr.net/npm/[email protected]/dist/scorm-again.js https://www.googletagmanager.com https://cdn.lr-ingest.io https://js.stripe.com/v3 https://www.recaptcha.net https://res.cloudinary.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev https://sockjs-us3.pusher.com https://sockjs-ap1.pusher.com https://view.genially.com *.genially.com *.calendly.com https://calendly.com https://widget.frill.co *.jotform.com *.jotfor.ms https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; connect-src https://share.synthesia.io https://*.synthesia.io https://*.wistia.com https://vimeo.com https://us.i.posthog.com https://app.superpath.io https://api.superpath.io *.google-analytics.com https://www.googleapis.com https://www.google.com.au https://www.recaptcha.net ws://ws-us3.pusher.com ws://ws-ap1.pusher.com data: https://analytics.google.com https://r.lr-ingest.io https://securetoken.googleapis.com https://ipv4.icanhazip.com https://api.ipify.org https://analytics.superpath.dev https://analytics.superpath.io https://analytics.mili-academy.dev https://analytics.mili.academy https://scorm.superpath.dev https://scorm.superpath.io https://scorm.mili-academy.dev https://scorm.mili.academy wss://client.relay.crisp.chat https://client.crisp.chat https://res.cloudinary.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai *.genially.com https://calendly.com *.calendly.com *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev https://view.genially.com https://s3.eu-west-1.amazonaws.com https://audios.genially.com https://widget.frill.co https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; form-action 'self'; frame-src 'self' https://js.stripe.com/ https://www.recaptcha.net https://*.zoom.us/ https://www.loom.com/ https://share.synthesia.io/ https://*.wistia.com/ https://vimeo.com/ https://player.vimeo.com https://www.youtube.com https://app.superpath.dev https://app.superpath.io https://app.mili.academy https://app.mili-academy.dev https://superpath-web-dev.firebaseapp.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai https://td.doubleclick.net/ https://view.genially.com *.genially.com https://calendly.com *.calendly.com *.superpath.io *.superpath.dev *.mili.academy *.mili-academy.dev *.synthesia.io share.synthesia.io https://upload-widget.cloudinary.com https://res.cloudinary.com https://docs.google.com https://widget.frill.co *.jotform.com *.jotfor.ms https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; frame-ancestors 'self' https://www.loom.com https://*.wistia.com https://share.synthesia.io https://*.synthesia.io https://calendly.com *.calendly.com *.jotform.com *.jotfor.ms; object-src 'none'; base-uri https://app.superpath.io https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

private

Expires

Caching

Tue, 13 Jan 2026 06:35:05 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

i18n_redirected=en; Max-Age=31536000; Path=/; SameSite=Lax

Other Headers

8 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9bd2df206d61801d-IAD

Date

Other

Tue, 13 Jan 2026 06:35:05 GMT

Nel

Other

{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

Report-To

Other

{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uy3L6LeeQkN3e3qlqefcVWZZvVh3rcDGY0Lsq2J5uRDgCN36S0pN4GgR6tXxumzFklvPl5eb3ofx50yv3mSUl%2B%2FpxCu3cXl%2B34yT0opW7g%3D%3D"}]}

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance