12 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Basic
default-src; base-uri; connect-src; +8 more
default-src 'self' secure.gravatar.com www.etermin.net develop.gfn.de staging.gfn.de www.gfn.de chatbot.gfn.de jnn-pa.googleapis.com maps.googleapis.com fonts.gstatic.com maps.gstatic.com www.gstatic.com rns.matelso.de www.google.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com yt3.ggpht.com cdn.join.com join.com yoast.com ps.w.org s.w.org ninjaforms.com cdn-public.borlabs.io ams.wpml.org ate.wpml.org; base-uri 'self'; connect-src 'self' seo.gfn.de seo3.gfn.de api.ipify.org region1.google-analytics.com region1.analytics.google.com play.google.com www.google.com www.googletagmanager.com o2.mouseflow.com eu01.rec.mouseflow.com www.youtube-nocookie.com www.facebook.com rns.matelso.de www.etermin.net stats.g.doubleclick.net jnn-pa.googleapis.com maps.googleapis.com bat.bing.com bat.bing.net yoast.com ams.wpml.org ate.wpml.org psb.taboola.com trc-events.taboola.com trc.taboola.com pips.taboola.com cds.taboola.com cdn.join.com join.com px.ads.linkedin.com api.digiaccess.org newassets.hcaptcha.com j2xdcu.gfn.de; font-src 'self' data: fonts.gstatic.com cdn.join.com cdn.mouseflow.com; frame-ancestors 'self' develop.gfn.de staging.gfn.de www.gfn.de chatbot.gfn.de www.etermin.net join.com; frame-src 'self' blob: develop.gfn.de staging.gfn.de www.gfn.de chatbot.gfn.de www.etermin.net join.com jnn-pa.googleapis.com maps.googleapis.com play.google.com www.google.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com api.wppopupmaker.com testbot-gfn.assono.de td.doubleclick.net; img-src 'self' data: develop.gfn.de staging.gfn.de www.gfn.de play.google.com www.google.com www.google.de ajax.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com trc.taboola.com maps.gstatic.com jnn-pa.googleapis.com maps.googleapis.com fonts.gstatic.com bat.bing.com bat.bing.net yt3.ggpht.com i.ytimg.com rmsi-4008-adswizz.attribution.adswizz.com chatbot.gfn.de testbot-gfn.assono.de secure.gravatar.com 
0.gravatar.com s.wordpress.com ps.w.org s.w.org ts.w.org cdn-public.borlabs.io www.kadencewp.com ninjaforms.com i.imgur.com updates.arscode.pro tp-cdn.wpml.org wpml.org toolset.com criticalcss.com sp-ao.shortpixel.ai d1lsub6zbh43gv.cloudfront.net optimizingmatters.com www.facebook.com cdn.join.com www.youtube-nocookie.com patterns.startertemplatecloud.com toucan.kadencewp.com px.ads.linkedin.com px4.ads.linkedin.com download.digiaccess.org j2xdcu.gfn.de; media-src 'self' www.youtube-nocookie.com www.youtube.com cdn-public.borlabs.io; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com jnn-pa.googleapis.com maps.googleapis.com play.google.com www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com rns.matelso.de chatbot.gfn.de testbot-gfn.assono.de develop.gfn.de staging.gfn.de www.gfn.de j2xdcu.gfn.de www.googletagmanager.com cdn.mouseflow.com connect.facebook.net bat.bing.com bat.bing.net cdn.taboola.com trc.taboola.com www.youtube.com www.youtube-nocookie.com www.etermin.net join.com ams.wpml.org ate.wpml.org widget.join.com snap.licdn.com px.ads.linkedin.com download.digiaccess.org api.digiaccess.org challenges.cloudflare.com js.hcaptcha.com; style-src 'self' 'unsafe-inline' chatbot.gfn.de testbot-gfn.assono.de www.youtube-nocookie.com jnn-pa.googleapis.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com play.google.com www.google.com www.googletagmanager.com ams.wpml.org ate.wpml.org cdn.join.com patterns.startertemplatecloud.com download.digiaccess.org api.digiaccess.org j2xdcu.gfn.de;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
0 headers
No caching headers found
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
Apache/2.4.65 (Debian)
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
2 headers
Date
Other
Wed, 24 Dec 2025 09:25:33 GMT
X-Cache-Handler
Other
cache-enabler-engine
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 2038ms