Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
frame-ancestors; media-src; connect-src; +10 more
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net;default-src 'self';frame-src 'self' intercom-sheets.com; script-src 'self' *.intercomcdn.com *.heapanalytics.com www.googletagmanager.com cdn.cookielaw.org platform.twitter.com www.clarity.ms www.google-analytics.com static.ads-twitter.com widget.intercom.io 'unsafe-inline';style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com fonts.gstatic.com fast.fonts.net heapanalytics.com cdn.cookielaw.org c.clarity.ms t.co analytics.twitter.com c.bing.com www.google.com www.google.com.np https://www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
accept-encoding
Caching Headers
3 headers
Age
Caching
5867
Cache-Control
Caching
max-age=3153600
Last-Modified
Caching
Wed, 21 Aug 2024 19:26:11 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=Pj3hyHvfGnAU0_bXVdxLkCb35Q51kXdXwbvo_KgTr3c-1768274892516-0.0.1.1-604800000; path=/; domain=.fonts.com; HttpOnly; Secure; SameSite=None
Other Headers
10 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bd1cd5dfd21f268-IAD
Content-Security-Policy-Report-Only
Other
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Ks.i0bqOUNp0t77t8ufY87o316lVIxDNJF_zaf_ch6Q-1768274892-1.0.1.1-RokE1R0NesM30GzJMmev_JhzlExvGZ2qkVQLqPk1fQYPJzlwAYWm1gwJNq1CUdWtI.I7zuLVeaZLy_g9Q5T4nshoXz6iT4pqhiPVul5FUXqbOpcqqp6MkJW7urm.UFGdsVt89kj2ZJPZ6p2gICrtEVMqZqaBcvPTJvYNIbRAamm6ULfXztNo1fKYvRks1U_K; report-to cf-csp-endpoint
Date
Other
Tue, 13 Jan 2026 03:28:12 GMT
Report-To
Other
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Ks.i0bqOUNp0t77t8ufY87o316lVIxDNJF_zaf_ch6Q-1768274892-1.0.1.1-RokE1R0NesM30GzJMmev_JhzlExvGZ2qkVQLqPk1fQYPJzlwAYWm1gwJNq1CUdWtI.I7zuLVeaZLy_g9Q5T4nshoXz6iT4pqhiPVul5FUXqbOpcqqp6MkJW7urm.UFGdsVt89kj2ZJPZ6p2gICrtEVMqZqaBcvPTJvYNIbRAamm6ULfXztNo1fKYvRks1U_K"}],"group":"cf-csp-endpoint","max_age":86400}
Via
Other
1.1 f50e53e9e947bca4dadaaf68ff4c7ea4.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
b5HMQ2wtWfCkhvgRoyTAx0CfFqacKZdvZKKkTxwD-STb4O6Cu2ULNw==
X-Amz-Cf-Pop
Other
IAD61-P10
X-Amz-Server-Side-Encryption
Other
AES256
X-Cache
Other
Hit from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance