Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Basic
script-src; object-src; frame-ancestors; +6 more
script-src 'self' blob: https://*.chameleon.io https://*.chargebee.com 'nonce-d2c3ff786c23c37cc14065d88e61f093'; object-src 'self'; frame-ancestors 'self' https://*.sync.com; frame-src 'self' blob: https://*.chameleon.io https://*.sync.com *.chargebee.com *.syncusercontent.com *.syncusercontent1.com *.syncusercontent2.com *.syncusercontentpro.com *.syncusercontentpro1.com *.syncusercontentpro2.com *.live.com ; child-src 'self' blob: https://*.chameleon.io https://*.sync.com *.chargebee.com *.syncusercontent.com *.syncusercontent1.com *.syncusercontent2.com *.syncusercontentpro.com *.syncusercontentpro1.com *.syncusercontentpro2.com *.live.com ; connect-src 'self' https://*.chameleon.io blob: https://*.sync.com *.chargebee.com *.syncusercontent.com *.syncusercontent1.com *.syncusercontent2.com *.syncusercontentpro.com *.syncusercontentpro1.com *.syncusercontentpro2.com *.live.com *.sentry.io wss://*.sync.com ; img-src 'self' data: blob: https://*.sync.com *.syncusercontent.com *.syncusercontent1.com *.syncusercontent2.com *.syncusercontentpro.com *.syncusercontentpro1.com *.syncusercontentpro2.com https://*.chameleon.io https://*.chmln-cdn.com https://*.office.net; font-src 'self' data: https://*.chmln-cdn.com; style-src 'self' 'unsafe-inline';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Last-Modified
Caching
Wed, 07 Jan 2026 15:31:17 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=5FOU_e7IAtxDCbCAd0CPxY_kLowYqKSG6Ukg5HBLXUE-1768788636-1.0.1.1-0_NMyvZDyel9Mioz2.1YsoHU09CMQ.WqkmmxCKQB_pgKWOwdOBpofElROc.wuV9AiW0M1eCub9.Cahr43_H7jqlA6Nlh1ul9q6udqAHqrOw; path=/; expires=Mon, 19-Jan-26 02:40:36 GMT; domain=.cp.sync.com; HttpOnly; Secure; SameSite=None
Other Headers
3 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c02cbf29de361e8-YYZ
Date
Other
Mon, 19 Jan 2026 02:10:36 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance