Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; default-src; worker-src; +11 more
base-uri 'self'; default-src 'self' blob: data: https: ; worker-src 'self' blob:; frame-ancestors 'self' http://localhost:9999 *.paddle.com *.prismic.io https://www.profitwell.com https://paddle.enablix.com https://paddle.letter.ai; media-src 'self' blob: data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com tag.unifyintent.com unifyintent.com *.stackadapt.com *.twitter.com *.iubenda.com connect.facebook.net *.cloudfront.net *.hsforms.com googleads.g.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.net *.hsleadflows.net *.hotjar.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.redditstatic.com *.youtube.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net prod-assets.sequelvideo.com https: ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com tag.unifyintent.com unifyintent.com *.youtube.com *.wistia.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.hotjar.com *.redditstatic.com *.profitwell.com *.bing.com js.hubspot.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net www.clarity.ms *.hs-scripts.com connect.facebook.net *.rudderlabs.com *.influ2.com *.stackadapt.com *.metadata.io *.clearbitscripts.com *.clearbitjs.com *.kustomerapp.com *.qualified.com *.iubenda.com *.netlify.app *.hsforms.net *.googletagmanager.com *.googleapis.com prismic.io *.prismic.io *.mplat-ppcprotect.com status.io dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net tracking.g2crowd.com cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack-qualified.min.js js.stripe.com/v3/ cdnjs.cloudflare.com/polyfill/ prod-assets.sequelvideo.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.cloudfront.net *.youtube.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net s3.amazonaws.com https: blob: ; object-src 'none'; font-src 'self' *.cloudfront.net *.gstatic.com data: https: ; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net *.qualified.com ws: wss: https: data: ; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.googletagmanager.com *.ctfassets.net *.reddit.com *.cloudfront.net *.ytimg.com *.adsymptotic.com *.ads.linkedin.com t.co *.hubspot.com *.facebook.com *.google.com *.youtube.com *.ggpht.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net chart.googleapis.com wingify-assets.s3.amazonaws.com data: https:; frame-src 'self' paddle.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com paddle.prismic.io www.googletagmanager.com *.youtube.com *.wistia.net *.wistia.com *.hsforms.com paddle.kustomer.help *.kustomerapp.com *.qualified.com app.netlify.com *.doubleclick.net *.prismic.io www.slideshare.net dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net js.stripe.com *.sequel.io; upgrade-insecure-requests;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
rsc,next-router-state-tree,next-router-prefetch,next-router-segment-prefetch,Accept-Encoding
Caching Headers
3 headers
Age
Caching
239227
Cache-Control
Caching
public,max-age=0,must-revalidate
Etag
Caching
"105i2v4brmdd60o"
Content Headers
2 headers
Content-Length
Content
614377
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Netlify
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
7 headers
Cache-Status
Other
"Netlify Edge"; hit
Date
Other
Sun, 18 Jan 2026 18:32:48 GMT
Netlify-Vary
Other
query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc|accept-encoding,cookie=__prerender_bypass|__next_preview_data
X-Nextjs-Date
Other
Fri, 16 Jan 2026 00:49:05 GMT
X-Nextjs-Prerender
Other
1, 1
X-Nextjs-Stale-Time
Other
300
X-Nf-Request-Id
Other
01KF9634JP0A5KQK94JV8J09QQ
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology