16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self' data: gap: https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com/ 'unsafe-eval' ; script-src 'report-sample' 'unsafe-inline' 'self' *.adtrafficquality.google https://cdn.cookielaw.org https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://forms.hsforms.com https://www.socialintents.com https://www.google-analytics.com https://www.youtube.com https://js.hsforms.net https://maps.google.com https://cpwebassets.codepen.io/ https://public.codepenassets.com/ https://*.doubleclick.net https://*.googlesyndication.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://www.googletagmanager.com https://*.gstatic.com/ https://www.socialintents.com https://cdpn.io/; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://cdn.cookielaw.org https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://www.google-analytics.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hubspot.com https://maps.googleapis.com https://maps.google.com https://geolocation.onetrust.com/ https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.adtrafficquality.google https://*.gstatic.com; font-src 'self' 'unsafe-inline' https: data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://*.adtrafficquality.google https://*.google.com https://player.vimeo.com https://maps.googleapis.com https://www.youtube.com https://codepen.io/ https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com/; media-src *; worker-src 'self' data: gap: blob: *; frame-ancestors 'self' 'self' https://*.adtrafficquality.google https://www.google.com https://player.vimeo.com/; img-src 'self' data: content: https://*.adtrafficquality.google https://cdn.cookielaw.org https://forms.hsforms.com https://perf-na1.hsforms.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://forms-na1.hsforms.com https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.doubleclick.net https://cdn.carfax.ca; fenced-frame-src 'self' *.google.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
no-store, no-cache, must-revalidate
Expires
Caching
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
PHPSESSID=810vjk075q7nuasnnbeqllrrdf; path=/; secure; HttpOnly
Other Headers
2 headers
Date
Other
Wed, 14 Jan 2026 22:19:51 GMT
Link
Other
<https://www.d2cmedia.ca/wp-json/>; rel="https://api.w.org/", <https://www.d2cmedia.ca/wp-json/wp/v2/pages/17>; rel="alternate"; title="JSON"; type="application/json", <https://www.d2cmedia.ca/>; rel=shortlink
Recommendations
Enable compression (gzip/brotli) to improve performance