Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
connect-src; default-src; font-src; +11 more
connect-src 'self' https://api.segment.io https://cdn.segment.com https://*.ingest.sentry.io https://x-api.rollout.io https://statestore.rollout.io https://conf.rollout.io https://push.rollout.io https://analytic.rollout.io https://notify.bugsnag.com/ https://www.googletagmanager.com/ https://*.google-analytics.com;default-src 'self';font-src data: 'self' https://fonts.gstatic.com https://use.typekit.net;frame-ancestors 'self';frame-src 'self' https://www.youtube.com/embed/ https://www.google.com https://fast.wistia.net/;img-src data: 'self' https://media.giphy.com https://*.googleusercontent.com https://www.googletagmanager.com https://*.google-analytics.com;manifest-src 'self' https://id.cloudbees.com;object-src 'self';script-src 'strict-dynamic' 'nonce-OTYyNzUxZmMtZjA4MS00ZTZhLThiMzctZGFmYTA4ZmY2ZWNi';style-src 'self' 'unsafe-inline' https://*.googleapis.com;base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(), interest-cohort=(), payment=(), usb=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Etag
Caching
"3y35y6dgh9769j"
Content Headers
2 headers
Content-Length
Content
334712
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
7 headers
Alt-Svc
Other
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Date
Other
Tue, 13 Jan 2026 23:28:56 GMT
Origin-Agent-Cluster
Other
?1
Via
Other
1.1 google
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance