HTTP Headers Analysis for https://favro.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Good

default-src; prefetch-src; img-src; +11 more

default-src 'none' ; prefetch-src 'self' *.favro.com favro.com ; img-src 'self' data: *.favro.com favro.com https: ; font-src 'self' data: *.favro.com favro.com https://fonts.intercomcdn.com https://assets.website-files.com/ https://cdn.prod.website-files.com/5eb8d3f3c300199312debf24/ https://fonts.gstatic.com/ ; media-src 'self' *.favro.com favro.com js.intercomcdn.com ; script-src 'self' *.favro.com favro.com https://www.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/ https://www.googleadservices.com/pagead/conversion/ https://connect.facebook.net/ https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ https://tally.so/widgets/embed.js https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.prod.website-files.com/5eb8d3f3c300199312debf24/js/ https://assets.website-files.com/5eb8d3f3c300199312debf24/js/ https://ajax.googleapis.com/ajax/libs/webfont/ 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-PUK4uAowAIILmmLF0yVB4qyKfF9UeStgCS45Nw28mmQ='; style-src 'self' *.favro.com favro.com 'unsafe-inline' https://cdn.prod.website-files.com/5eb8d3f3c300199312debf24/css/ https://fonts.googleapis.com ; frame-src 'self' *.favro.com favro.com *.youtube.com https://www.googletagmanager.com https://intercom-sheets.com https://tally.so https://favrotemplates.com ; connect-src 'self' *.favro.com favro.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/ccm/collect https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://stats.g.doubleclick.net wss://*.intercom.io wss://*.intercom-messenger.com https://*.intercom.io https://*.intercom-messenger.com https://uploads.intercomcdn.com https://px.ads.linkedin.com/ https://cdn.prod.website-files.com/5eb8d3f3c300199312debf24/ https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ ; child-src 'self' *.favro.com favro.com ; form-action 'self' *.favro.com favro.com intercom.help ; manifest-src 'self' *.favro.com favro.com ; object-src 'none' ; report-uri https://favro.com/csp-reports ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Age

Caching

353360

Last-Modified

Caching

Thu, 08 Jan 2026 06:00:48 GMT

Content Headers

2 headers

Content-Length

Content

88041

Content-Type

Content

text/html

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

10 headers

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9bc3cfd83c460624-IAD

Date

Other

Sun, 11 Jan 2026 10:43:13 GMT

Surrogate-Control

Other

max-age=432000

Surrogate-Key

Other

webflow.favro.team 5eb8d3f3c300199312debf24 pageId:60411c230b56417acbb2321f 61fce6d9c6e3bb401ef99b38 633c137f7f94fe5a79e7246e

Via

Other

1.1 030b88b6d8d9c6faf056723bb5f16078.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

Xp3B0u1Qm1Zf_u4rvOJIhLLBWjljol13Lra6xjAO2y6f20nwwoC46A==

X-Amz-Cf-Pop

Other

IAD61-P1

X-Cache

Other

Hit from cloudfront

X-Lambda-Id

Other

24ceec3b-13d8-456a-a131-fb07a706ae99

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching