Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31556952; includeSubDomains; preload
Content-Security-Policy
Good
default-src; font-src; object-src; +6 more
default-src 'self'; font-src 'self' https: data:; object-src 'none'; form-action 'self' https:; img-src 'self' https: blob: data: https://img.icons8.com; connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://s3.wasabisys.com https://bmithudu.s3.wasabisys.com https://docs.bostonmit.com; frame-src https://www.youtube.com https://www.loom.com https://viewer.diagrams.net https://scribehow.com https://app.tango.us https://player.vimeo.com https://widget.canny.io https://lucid.app https://*.wasabisys.com https://www.canva.com https://*.sharepoint.com https://*.brightgauge.co https://www.figma.com https://*.figma.com https://maps.google.com https://www.google.com https://docs.google.com https://www.facebook.com https://www.linkedin.com https://app.rewst.io https://rewst.us.auth0.com https://api.mapbox.com https://bmithudu.s3.wasabisys.com https://docs.bostonmit.com; script-src 'self' blob: https://ajax.cloudflare.com https://canny.io/sdk.js https://api.duosecurity.com https://platform.twitter.com https://canvasjs.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://stackpath.bootstrapcdn.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
4 headers
Cache-Control
Caching
no-store
Etag
Caching
W/"6ce7acdfc2bd53aae8d62215330b900b"
Expires
Caching
Mon, 01 Jan 1990 00:00:00 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
2793
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
nginx/1.16.1
X-Runtime
Server
0.096417
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_hudu_session=B7PdZKi6TI6vgHkXtF9xzaArHR6jXyqS%2B6zfpQc8fVDFQk4GK3dYoaxcczA4PhdKaBN%2BDqqlyVGBJhhqbyfm5z0tS527ZnDJi2vtFVSSBa1WkoGNaUN1QkiFoeTaL9IpqS6mABme0%2FGYse2sr2a6sDS2r2HsIJmJETzZgkh2gsM0NYB%2B4Ao7UnQe97u7vJTIJ%2F1bscdBawhhKSDOLtuY1Z7%2BPkiJ8A1tH3qlUaNAlfowA5XH%2BHlvL1kTSkx1InQn1NJZlie%2B1H7S6AIChaacoG5VsBuf--XQbTrrB51RnNIiLk--weJT7AQvLdFQPT01u2F4Jg%3D%3D; path=/; secure; httponly; samesite=lax
Other Headers
4 headers
Date
Other
Tue, 13 Jan 2026 06:06:22 GMT
Link
Other
</app_assets/application-3478c7cec484390bda79e965e17207677be30dd6e4f863e69b6eed6f059db015.css>; rel=preload; as=style; nopush,</app_assets/application-65282158fda0f4a8ad31eabce6c2d3ac5edddf1c9252ee99b8a56d50f4f16d86.js>; rel=preload; as=script; nopush
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
9bfd3c4e-d532-4365-8962-4197e4fd045a
Recommendations
Enable compression (gzip/brotli) to improve performance