HTTP Headers Analysis for https://dev.fracttal.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; script-src; child-src; +10 more

upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.alejo.com https://*.fracttal.com https://*.totango.com https://aistudio.fracttal.com https://ajax.cloudflare.com https://app.getbeamer.com https://app.intercom.io https://*.customer.io https://code.gist.build https://cdn.segment.com https://cdn.socket.io https://cdn.socket.io https://chatdev.fracttal.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-fs.s3.eu-west-3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsforms.net https://js.intercomcdn.com https://js.intercomcdn.com https://maps.google.com https://maps.googleapis.com https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://mng.fracttal.com https://mngdev.fracttal.com https://pod-13-sunco-ws.zendesk.com https://pod-13.zendesk.com https://sonar-community.fracttal.com https://sonar.dev.fracttal.com https://sonar.dev.fracttal.com https://static.cloudflareinsights.com https://static.getbeamer.com https://static.zdassets.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://widget.intercom.io wss://pod-13-sunco-ws.zendesk.com; child-src https://intercom-sheets.com https://fast.wistia.net https://intercom-sheets.com https://player.vimeo.com https://www.intercom-reporting.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.fracttal.com https://aistudio.fracttal.com https://app.getbeamer.com https://app.getbeamer.com https://cdn.segment.com https://chatdev.fracttal.com https://fonts.googleapis.com https://openlayers.org https://static.intercomassets.com; img-src 'self' 'unsafe-inline' blob: data: https://*.fracttal.com https://*.ggpht.com https://*.googleapis.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments-9.com https://*.customer.io https://*.totango.com https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://downloads.intercomcdn.com https://flagcdn.com https://forms.hsforms.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://fracttales.zendesk.com https://gifs.intercomcdn.com https://js.intercomcdn.com https://maps.google.com https://maps.gstatic.com https://messenger-apps.intercom.io https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://p13.zdusercontent.com https://static.getbeamer.com https://static.intercomassets.com https://static.zdassets.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://track.hubspot.com https://uploads.intercomusercontent.com https://avatars.githubusercontent.com https://user-images.githubusercontent.com https://v2assets.zopim.io https://video-messages.intercomcdn.com https://www.gravatar.com https://www.gstatic.com; media-src https://js.intercomcdn.com; font-src 'self' data: http://fonts.intercomcdn.com https://*.fracttal.com https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com; form-action https://intercom.help http://*.internal.fracttal.com https://*.fracttal.com https://api-iam.intercom.io https://app.getbeamer.com; default-src 'self' blob:; connect-src 'self' blob: data: https://*.fracttal.com https://aistudio.fracttal.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.segment.io https://assets1.lottiefiles.com https://assets3.lottiefiles.com https://*.getbeamer.com https://cdn.segment.com https://chatdev.fracttal.com https://dev-ccmha47qgmagop4f.us.auth0.com https://ekr.zdassets.com https://forms.hubspot.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.amazonaws.com https://fracttal-community-paris.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-community.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://fracttal.eu.auth0.com https://fracttales.zendesk.com https://maps.google.com https://maps.googleapis.com https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pod-13-sunco-ws.zendesk.com https://pod-13.zendesk.com https://roads.googleapis.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://zendesk-eu.my.sentry.io wss://dev.fracttal.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://one.fracttal.com wss://pod-13-sunco-ws.zendesk.com wss://pod-13.zendesk.com; worker-src 'self' blob: *.fracttal.com; frame-src 'self' https://*.fracttal.com https://*.intercom.io https://371psd0fr0zk.statuspage.io https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://intercom-sheets.com https://maps.google.com https://maps.googleapis.com https://push.getbeamer.com https://view.officeapps.live.com https://www.intercom-reporting.com/; frame-ancestors 'self'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

geolocation=(self), camera=(self "https://chatdev.fracttal.com"), fullscreen=(*), microphone=(self "https://chatdev.fracttal.com"), clipboard-read=(self "https://chatdev.fracttal.com"), clipboard-write=(self "https://chatdev.fracttal.com")

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

max-age=0

Last-Modified

Caching

Tue, 02 Jul 2024 23:07:48 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=xuSEvTUxCwzFQ18NHeee_U18Eliou4L2KWWpeR9SR5g-1770212265.182333-1.0.1.1-oFg4uuIPbI5.8DSDaFado3BPCB7Dk8h7E9C1NjUUjJq9Q7tJMzICZHSYrRTcUfj8QplD8GH2yXd6ty1t4DL8B5yG00FfezURv71klrjYXlAOG4jMoiIHnw3.m09pHR5p; HttpOnly; Secure; Path=/; Domain=fracttal.com; Expires=Wed, 04 Feb 2026 14:07:45 GMT

Other Headers

7 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c8a90816c75aa75-IAD

Date

Other

Wed, 04 Feb 2026 13:37:45 GMT

Server-Timing

Other

cfEdge;dur=104,cfOrigin;dur=81

Speculation-Rules

Other

"/cdn-cgi/speculation"

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance