Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000
Content-Security-Policy
Good
default-src; script-src; style-src; +8 more
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.googletagservices.com https://www.googlesyndication.com https://ad.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.cicis.com https://connect.facebook.net https://code.jquery.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://record.uptop.com https://adsrvr.org https://assets.calendly.com https://cicis-dev.azurewebsites.net https://maps.googleapis.com https://maps.gstatic.com https://www.cicis.com https://cdn.attn.tv https://ads.nextdoor.com https://www.redditstatic.com https://sc-static.net https://js.adsrvr.org https://analytics.tiktok.com https://record.spotgenie.com https://login-ds.dotomi.com https://tr.snapchat.com https://cdn.jsdelivr.net https://www.gstatic.com https://app.chatsupport.co https://fe.sitedataprocessing.com https://data.processwebsitedata.com https://a.usbrowserspeed.com https://d-code.liadm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cicis.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.cicis.com https://static.klaviyo.com https://use.typekit.net https://storage.googleapis.com; img-src * data: blob:; media-src 'self' https://assets.chatsupport.co; connect-src 'self' https://www.google-analytics.com https://gtm.cicis.com https://www.google.com https://www.googleadservices.com https://ad.doubleclick.net https://www.google.com.ar https://www.googletagmanager.com https://googleads.g.doubleclick.net https://record.uptop.com https://connect.facebook.net https://maps.googleapis.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://cicis.attn.tv https://events.attentivemobile.com https://pixel-config.reddit.com 
https://www.redditstatic.com https://conversions-config.reddit.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://insight.adsrvr.org https://ads.nextdoor.com https://www.facebook.com https://api.chatsupport.co wss://rtmserver.anywhereworks.com https://idx.liadm.com https://rp.liadm.com; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://ad.doubleclick.net https://www.facebook.com https://td.doubleclick.net https://cicis.jobaline.com https://gtm.cicis.com https://calendly.com *.doubleclick.net https://maps.google.com https://maps.googleapis.com https://tr.snapchat.com https://insight.adsrvr.org https://match.adsrvr.org https://www.youtube.com https://i.liadm.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Strengthen CSP by removing 'unsafe-eval'
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
Accept-Encoding
Caching Headers
0 headers
No caching headers found
Content Headers
1 header
Content-Type
text/html; charset=utf-8
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
ARRAffinitySameSite=04fd3307bca582694613d16630a3e4b57cd49ebfaff9f4029d32b30f9ccfabab;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.cicis.com
Other Headers
4 headers
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Add Cache-Control header to optimize caching