Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
default-src; font-src; img-src; +6 more
default-src 'self' https: wss:; font-src 'self' https: cdn.pendo.io data:; img-src 'self' https: cdn.pendo.io data.pendo.io pendo-static-6311644255813632.storage.googleapis.com app.pendo.io data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/airbrake-js/1.1.1/client.min.js *.segment.com *.topfunnel.com *.staging.topfunnel.com *.helpscout.net *.airbrake.io *.merge.dev *.fullstory.com *.sentry-cdn.com *.cookieyes.com cdn-cookieyes.com *.stripe.com *.teamable.com *.app.staging.teamable.com *.googletagmanager.com www.googletagmanager.com *.trychameleon.com *.staging.teamable.com https://d2wrmio161ng5z.cloudfront.net/ cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6311644255813632.storage.googleapis.com data.pendo.io app.pendo.io 'nonce-30k4k98b2H5uK+w0ErIhtw=='; style-src 'self' https: pendo-io-static.storage.googleapis.com pendo-static-6311644255813632.storage.googleapis.com app.pendo.io data: 'unsafe-inline'; worker-src 'self' blob:; report-uri /csp-violation-report; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(), camera=(), microphone=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding, Origin
Caching Headers
2 headers
Cache-Control
Caching
no-cache, no-store, must-revalidate
Etag
Caching
W/"a341524243100c111ac3c1777afe146e"
Content Headers
2 headers
Content-Length
Content
2462
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Runtime
Server
0.062255
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_topfunnel-web_session=b6c33420472d7b93bcd19dd54765dfcf; path=/; secure; HttpOnly; SameSite=None
Other Headers
6 headers
Date
Other
Tue, 13 Jan 2026 02:47:41 GMT
Link
Other
</assets/application-73d4f4ee8db445513ea7591e66ddba2611a4f539120509be552ec19b1954cd09.css>; rel=preload; as=style; nopush,<https://cdnjs.cloudflare.com/ajax/libs/airbrake-js/1.1.1/client.min.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha384-h0QKNlW0VnCEOsIL5LJm5XYn3fw8/n2jO0xGqIMHBMt7WbGqbP7XwiXs+dtpI6mT; nopush,</assets/application-f1c24e3b02ee35083e1eeb7e646abdd7964a57c2288db14386bf6a5ba223bfe0.js>; rel=preload; as=script; nopush
Report-To
Other
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"/csp-violation-report"}]}
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
0c9b16a0-852c-4c37-b325-019fbb98478f
Recommendations
Enable compression (gzip/brotli) to improve performance