Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; includeSubdomains;
Content-Security-Policy
Basic
worker-src; child-src; connect-src; +9 more
worker-src blob: 'self'; child-src https://fast.wistia.net https://intercom-sheets.com https://jumpcloud-1.wistia.com https://www.google.com https://www.intercom-reporting.com https://youtube.com; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.intercom.io https://706-rst-100.mktoresp.com https://api.segment.io https://api.split.io https://app.launchdarkly.com https://assets.jumpcloud.com https://auth.split.io https://browser-intake-datadoghq.com https://cdn.awsstg.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://clientstream.launchdarkly.com https://console.jumpcloud.com https://device-cert.jumpcloud.com https://edge.fullstory.com https://events.launchdarkly.com https://events.split.io https://ipv4.icanhazip.com http://localhost:1028 https://logs.browser-intake-datadoghq.com https://oauth.awsstg.jumpcloud.com https://oauth.jumpcloud.com https://oauth.jumpcloud.com https://raw.githubusercontent.com/TheJumpCloud/ https://rs.fullstory.com https://rum.browser-intake-datadoghq.com https://s3.us-east-1.amazonaws.com/jumpcloud-prd-devices-object-storage-uploads/ https://s3.us-east-2.amazonaws.com/jumpcloud-stg01-devices-object-storage-uploads/ https://s3.us-east-1.amazonaws.com/jumpcloud-prd-assets-imports/ https://s3.us-east-1.amazonaws.com/jumpcloud-prd-assets-asset-files/ https://sdk.split.io https://segment.jumpcloud.com https://segmentcdn.jumpcloud.com https://solupay.transactiongateway.com https://status.jumpcloud.com https://streaming.split.io https://uploads.au.intercomcdn.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://www.google-analytics.com https://analytics.google.com https://www.google.com https://*.navattic.com https://thirdparty.jumpcloud.com https://jumpcloud-sourcemaps-prd.s3.amazonaws.com wss://*.kinesisvideo.ap-northeast-1.amazonaws.com wss://*.kinesisvideo.eu-central-1.amazonaws.com wss://*.kinesisvideo.eu-west-2.amazonaws.com wss://*.kinesisvideo.us-east-1.amazonaws.com wss://*.kinesisvideo.us-west-2.amazonaws.com wss://nexus-australia-websocket.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; default-src 'self' https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com; font-src 'self' data: https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fonts.intercomcdn.com https://js.intercomcdn.com; frame-ancestors 'self' https://login.jumpcloud.com https://fast.wistia.net https://jumpcloud-1.wistia.com https://www.google.com https://youtube.com; frame-src 'self' https://login.jumpcloud.com https://*.doubleclick.net https://*.duosecurity.com https://11226752.fls.doubleclick.net https://cloud.jumpcloud.com https://enterprise.google.com https://fast.wistia.net https://hello.jumpcloud.com https://intercom-sheets.com https://js.driftt.com https://js.intercomcdn.com https://js.stripe.com https://jumpcloud.chilipiper.com https://jumpcloud-1.wistia.com https://play.google.com https://solupay.transactiongateway.com https://www.google.com https://www.youtube.com https://xd.adobe.com https://*.navattic.com https://youtube.com; img-src 'self' data: https://jumpcloud.com https://cdn.cookielaw.org https://*.au.intercom-attachments.com https://*.google.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments.eu https://*.mzstatic.com https://11226752.fls.doubleclick.net https://ad.doubleclick.net https://alb.reddit.com https://assets.jumpcloud.com https://august.takingbackjuly.com https://bat.bing.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://chart.googleapis.com https://downloads.au.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://facebook.com https://gifs.intercomcdn.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://js.intercomcdn.com https://june.takingbackjuly.com https://lh3.googleusercontent.com https://lh6.ggpht.com https://match.adsrvr.org https://messenger-apps.au.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.intercom.io https://p.typekit.net https://ping.typekit.net https://px.ads.linkedin.com https://q.stripe.com https://rs.fullstory.com https://s3.amazonaws.com/static.jumpcloud.com/ https://static.intercomassets.com https://stats.g.doubleclick.net https://storage.googleapis.com https://video-messages.intercomcdn.com https://www.facebook.com https://www.google-analytics.com https://www.redditstatic.com; media-src https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fast.wistia.net https://js.driftt.com https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn.cookielaw.org https://api.duosecurity.com https://api.stripe.com https://apis.google.com https://app.intercom.io https://assets.jumpcloud.com https://august.takingbackjuly.com https://bat.bing.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://connect.facebook.com https://connect.facebook.net https://ct.capterra.com https://edge.fullstory.com https://fast.wistia.net https://googleads.g.doubleclick.net https://js.driftt.com https://js.intercomcdn.com https://js.stripe.com https://june.takingbackjuly.com https://munchkin.marketo.net https://pi.pardot.com https://px.ads.linkedin.com https://q.stripe.com https://rs.fullstory.com https://segmentcdn.jumpcloud.com https://sjs.bizographics.com https://snap.licdn.com https://solupay.transactiongateway.com https://stats.g.doubleclick.net https://storage.googleapis.com https://tagmanager.google.com/ https://takingbackjuly.com https://thirdparty.jumpcloud.com https://jumpcloud-sourcemaps-prd.s3.amazonaws.com https://use.typekit.net https://widget.intercom.io https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.gstatic.com https://*.navattic.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fonts.googleapis.com/ https://solupay.transactiongateway.com https://tagmanager.google.com/ https://use.typekit.net
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
1 headers
Last-Modified
Caching
Tue, 20 Jan 2026 15:39:56 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Cf-Apo-Via
Other
origin,host
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c1090fc4fe9787b-IAD
Date
Other
Tue, 20 Jan 2026 18:17:02 GMT
X-Envoy-Upstream-Service-Time
Other
0
X-Ua-Compatible
Other
IE=edge
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching