20 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=7776000; includeSubDomains; preload
Content-Security-Policy
Good
base-uri; connect-src; default-src; +11 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Strengthen CSP by removing 'unsafe-eval'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, accept-encoding
Caching Headers
2 headers
Age
Caching
1496
Cache-Control
Caching
public, max-age=0, must-revalidate
Content Headers
2 headers
Content-Disposition
Content
inline
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
cloudflare
CORS Headers
1 header
Access-Control-Allow-Origin
CORS
*
Cookies Headers
0 headers
No cookie headers found
Other Headers
8 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bcc54734f89390e-IAD
Date
Other
Mon, 12 Jan 2026 11:31:51 GMT
X-Matched-Path
Other
/
X-Nextjs-Prerender
Other
1
X-Nextjs-Stale-Time
Other
300
X-Vercel-Cache
Other
HIT
X-Vercel-Id
Other
iad1::dq8mf-1768217510962-56ca29df242b
Recommendations
Enable compression (gzip/brotli) to improve performance