Open
Cached
·
just now
19
Headers
Detected Technologies from Headers
Gravatar
YouTube
Google AdSense
Google Maps
Google Tag Manager
WP Engine
Google Hosted Libraries
Google Translate
HubSpot Forms
JotForm
Google DoubleClick
Google Analytics
Google Conversion Tracking
6sense
BugHerd
New Relic
Google Static File Front End
Google API JS Client
Leadfeeder
Google Fonts
Hotjar
LinkedIn
ZoomInfo
HubSpot Analytics
Google Search
Nginx
Facebook
Instagram
OneTrust
Cloudflare CDNJS
Salesforce Pardot
Vimeo
HubSpot
HubSpot Live Chat
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Accept-Ranges
bytes
Connection
close
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
accept-ranges: bytes connection: close vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
Caching Headers
Cache-Control
max-age=600, must-revalidate
cache-control: max-age=600, must-revalidate
Content Headers
Content-Length
208646
Content-Type
text/html; charset=UTF-8
content-length: 208646 content-type: text/html; charset=UTF-8
Server Headers
Server
nginx
X-Powered-By
WP Engine
server: nginx x-powered-by: WP Engine
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Sat, 02 May 2026 19:42:10 GMT
X-Cache
HIT: 5
X-Cache-Group
normal
X-Cacheable
SHORT
date: Sat, 02 May 2026 19:42:10 GMT link: <https://www.cirrusmd.com/>; rel=shortlink x-cache: HIT: 5 x-cache-group: normal x-cacheable: SHORT
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology