Open
Cached
·
just now
19
Headers
Detected Technologies from Headers
AWS CloudFront
YouTube
Adobe Fonts (Typekit)
AWS
Active incidents
Amazon S3
BootstrapCDN
Braintree
Branch
Facebook
Google Analytics
Google API JS Client
Google Conversion Tracking
Google DoubleClick
Google Search
Google Static File Front End
Google Tag Manager
Heroku
Intercom
JW Player
Mixpanel
Sentry
TrackJS
Twitter
Vimeo
Google Cloud
Google Cloud Storage
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000; includeSubDomains
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Accept-Ranges
bytes
Connection
close
accept-ranges: bytes connection: close
Caching Headers
Cache-Control
public, max-age=0
Etag
W/"3a4-19d88d297a0"
Last-Modified
Mon, 13 Apr 2026 21:49:56 GMT
cache-control: public, max-age=0 etag: W/"3a4-19d88d297a0" last-modified: Mon, 13 Apr 2026 21:49:56 GMT
Content Headers
Content-Length
932
Content-Type
text/html; charset=UTF-8
content-length: 932 content-type: text/html; charset=UTF-8
Server Headers
Server
NOYB
X-Powered-By
VidMob
server: NOYB x-powered-by: VidMob
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Mon, 25 May 2026 23:26:54 GMT
Feature-Policy
microphone 'none'; payment 'none'; sync-xhr 'self' undefined
X-Scoped-Csp
1
date: Mon, 25 May 2026 23:26:54 GMT feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' undefined x-scoped-csp: 1
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology