Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; img-src; media-src; +10 more
default-src 'self'; img-src 'self' data: blob: *.commoninja.com cdn.filyou-pro.com storage.googleapis.com firebasestorage.googleapis.com flagcdn.com lh3.googleusercontent.com q.stripe.com api.mapbox.com maps.googleapis.com *.googleapis.com ws.colissimo.fr www.mariages.net cdn1.mariages.net cdn.commoninja.com www.facebook.com connect.facebook.net static.hotjar.com script.hotjar.com static.intercomassets.com js.intercomcdn.com uploads.intercomcdn.com downloads.intercomcdn.com img.sct.eu1.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com *.gstatic.com staticxx.facebook.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; media-src 'self' data: blob: cdn.filyou-pro.com storage.googleapis.com firebasestorage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googletagmanager.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com *.gstatic.com ajax.googleapis.com api.mapbox.com ws.colissimo.fr plugin.filyou.tilli.fr cdn.commoninja.com js.stripe.com connect.facebook.net staticxx.facebook.com static.hotjar.com script.hotjar.com widget.intercom.io js.intercomcdn.com consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu gtm.filyou.com *.calendly.com calendly.com; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; worker-src 'self' blob: data:; connect-src 'self' https: wss: *.googletagmanager.com *.commoninja.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com api.mapbox.com events.mapbox.com api.stripe.com m.stripe.com www.facebook.com connect.facebook.net staticxx.facebook.com static.hotjar.com script.hotjar.com widget.intercom.io api-iam.intercom.io api-iam.eu.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; frame-src 'self' *.googletagmanager.com accounts.google.com accounts.youtube.com apis.google.com js.stripe.com cdn.commoninja.com www.facebook.com connect.facebook.net staticxx.facebook.com widget.intercom.io intercom-sheets.com consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; form-action 'self' https://accounts.google.com https://www.facebook.com https://calendly.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), camera=(self "https://calendly.com" "https://*.calendly.com"), geolocation=(), gyroscope=(), magnetometer=(), microphone=(self "https://calendly.com" "https://*.calendly.com"), payment=(self "https://js.stripe.com"), usb=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url, Accept-Encoding,cookie,need-authorization, x-fh-requested-host, accept-encoding
Caching Headers
2 headers
Cache-Control
Caching
s-maxage=31536000, stale-while-revalidate
Etag
Caching
"kjfymw1ykr9gdz"
Content Headers
2 headers
Content-Length
Content
442236
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Google Frontend
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
10 headers
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Date
Other
Fri, 12 Dec 2025 06:25:32 GMT
Traceparent
Other
00-26676ae9f639a2e6039899152169fdfa-4efca3ec87757812-01
X-Cache
Other
HIT
X-Cache-Hits
Other
0
X-Cloud-Trace-Context
Other
26676ae9f639a2e6039899152169fdfa/5691604265369696274;o=1
X-Country-Code
Other
US
X-Nextjs-Cache
Other
HIT
X-Served-By
Other
cache-pdk-kfty8610029-PDK
X-Timer
Other
S1765520733.782768,VS0,VE3
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 569ms