Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; img-src; frame-src; +5 more
default-src 'self' blob: https: data: 'unsafe-eval' 'unsafe-inline' wss://*.pusher.com wss://*.on-aptible.com/ wss://*.gethealthie.com/ wss://*.tokbox.com/ wss://*.theoriginway.com apis.google.com www.googletagmanager.com www.google-analytics.com *.googleapis.com fonts.gstatic.com *.theoriginway.com *.on-aptible.com *.stripe.com code.jquery.com *.launchdarkly.com *.helpscout.net *.mixpanel.com cdn.usefathom.com cdn.raygun.io *.trychameleon.com *.opentok.com cdn.tiny.cloud analytics.tiktok.com *.intercom.io cdn.amplitude.com www.clarity.ms *.pinimg.com cdn.heapanalytics.com bat.bing.com ct.pinterest.com connect.facebook.net cdn.jsdeliver.com js.intercomcdn.com js.userflow.com static.leaddyno.com use.fontawesome.com; img-src * blob: data:; frame-src 'self' https://*.theoriginway.com https: blob:; worker-src 'self' blob: data:; frame-ancestors 'self' https:; media-src 'self' http: https: blob: data:; report-uri https://report-to-api.raygun.com/reports?apikey=UZJFuGm8pxOvQrRGlh7CFw; report-to raygun;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
3 headers
Age
Caching
16399
Etag
Caching
"31ca4aa6079cfb3b67439366baeb5084"
Last-Modified
Caching
Mon, 29 Dec 2025 16:43:50 GMT
Content Headers
2 headers
Content-Length
Content
4424
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
AmazonS3
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Mon, 29 Dec 2025 16:49:54 GMT
Reporting-Endpoints
Other
raygun="https://report-to-api.raygun.com/reports?apikey=UZJFuGm8pxOvQrRGlh7CFw"
Via
Other
1.1 99f09d677f148868d90673c22dfa156c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
vFbX1CMdX-pWn_J8i49cC4kn0uoYoLTBQ1qyQevfHmthvF-pwsndxQ==
X-Amz-Cf-Pop
Other
IAD89-P4
X-Cache
Other
Error from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 304ms