Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=30; includeSubDomains; preload
Content-Security-Policy
Strong
default-src; connect-src; style-src; +5 more
default-src 'self'; connect-src 'self' blob: https://api.rollbar.com/ https://api.pagerduty.com/ https://api-js.mixpanel.com https://js.stripe.com/ https://api.stripe.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://static.foxpass.com/; style-src 'self' http://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ 'sha256-BcGWJjc4FM5VkuFlKUjcteEY6rjRdVAMy/fOHaLnGug=' 'sha256-BQ5eA/mw6jES31KSfh/A55TC7nzftLBWpZBzzDfwUrA=' 'sha256-5Ta6mBV6fsZXyKvk4yc7DKMwI9FICEZHWD4Ww7CxGdc=' 'sha256-WZ567ntT3BKIFaeoTtOOEdkkOJR5UidQJ809ufOE0zk=' 'sha256-nK6A3vwzvwoN92MnHZrWtylYkYmW1jCQgTqWKQJNBMI=' 'sha256-F+21FF3QOEHS5CNuMQEs3Q+LB0uULZF9DODEYnH/mMQ=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ep3WiQO1GHfrJ7+LKahbcrPKEbkY1aVH2y8HYhmaIt4=' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk=' https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://static.foxpass.com/ 'nonce-T5Y5TzWKFGGgWrEQ'; font-src 'self' data: http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://static.foxpass.com/; frame-src 'self' https://www.google.com/ https://js.stripe.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://connect-js.stripe.com https://player.vimeo.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com; img-src 'self' data: blob: http://www.w3.org/ https://www.google.com/pagead/1p-user-list/959924834/ https://*.stripe.com https://secure.gravatar.com/ https://static.foxpass.com/; script-src 'self' blob: http://ajax.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/npm/chart.js https://cdnjs.cloudflare.com/ https://js.stripe.com/ https://www.googletagmanager.com/ https://cdn.rollbar.com/ https://cdn.mxpnl.com/ https://connect-js.stripe.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://cdn.rudderstack.com https://cdn.rudderlabs.com https://static.foxpass.com/ 'nonce-T5Y5TzWKFGGgWrEQ'; report-uri /settings/csp_report/
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Cookie, Accept-Language
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, no-cache, no-store, must-revalidate, private
Expires
Caching
Fri, 23 Jan 2026 06:08:08 GMT
Content Headers
3 headers
Content-Language
Content
en-us
Content-Length
Content
16089
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
csrftoken=t3YpaOW75s4lPdg7Y1DXvXlApLjC2Oyb; expires=Fri, 22 Jan 2027 06:08:08 GMT; Max-Age=31449600; Path=/; SameSite=Lax; Secure
Other Headers
1 headers
Date
Other
Fri, 23 Jan 2026 06:08:08 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance