SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Expired Certificate - the server's certificate has expired
Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains;
Content-Security-Policy
Basic
default-src; connect-src; font-src; +6 more
default-src 'self'; connect-src 'self' https: wss: ws:; font-src 'self' https:; frame-src 'self' js.stripe.com www.recaptcha.net; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.googleadservices.com/pagead/conversion_async.js; style-src 'self' https: 'unsafe-inline'; worker-src blob:
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"329b7fbd4cee3f02aea442c2ee865a58"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cl_session=fcd526ba70cc423fc8ea40161f0c5083; path=/; secure; HttpOnly; SameSite=Lax
Other Headers
5 headers
Date
Other
Tue, 30 Dec 2025 13:36:00 GMT
Link
Other
</assets/idp/sessions-84faa2a33636626a433fccb671cb2426a2474e11d361d5aa65d47d7bba82c388.js>; rel=preload; as=script; nopush,</assets/user_v3-74020a19c145abcbd3385738c0666eddf483e04a8d851f1ade23c9d1980f4bdd.css>; rel=preload; as=style; nopush,</packs/js/application-8ec8b556f1ea149ab603.js>; rel=preload; as=script; nopush,<https://code.jquery.com/jquery-3.3.1.min.js>; rel=preload; as=script; nopush,</assets/jquery_ujs-299c347e59dff0fc64ffa44cab7b79d97e2bb8e0e40a13974085f3f16b3cb54d.js>; rel=preload; as=script; nopush,<https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.8/js/select2.min.js>; rel=preload; as=script; nopush,<https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js>; rel=preload; as=script; nopush,<https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js>; rel=preload; as=script; nopush,</assets/idp/color-helper-710993a4d1b9bb96de7d2e9079c248e073169c40b0933bd3db88a39632a295da.js>; rel=preload; as=script; nopush,</assets/sticky_header-fa5022884fd8da9d251e571e380a2bce17807554cf88dec84f51260ff417f68d.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
f60c953a-f094-4afb-8cba-5b1e2723635b
Recommendations
Enable compression (gzip/brotli) to improve performance