HTTP Headers Analysis for https://gmelius.io

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +8 more

default-src https://app-staging.gmelius.com 'self'; script-src https://client.crisp.chat https://*.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://js.stripe.com https://www.google-analytics.com https://www.google.com http://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://*.clarity.ms https://c.bing.com https://app.gmelius.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem https://client.crisp.chat https://*.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://js.stripe.com https://*.clarity.ms https://c.bing.com https://app.gmelius.com https://app-staging.gmelius.com 'unsafe-inline' 'unsafe-eval' 'self'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://* blob: data: 'self'; child-src 'none'; frame-ancestors chrome-extension://eimcibccahnifekbdhahgehjockhmocg chrome-extension://dheionainndbbpoacpnopgmnihkcmnkl https://gmelius.com https://mail.google.com 'self'; frame-src https://ai.gmelius.com/ https://learn.gmelius.com https://d2nnr6irhfmb65.cloudfront.net/ https://widget.writesonic.com/ https://storage.googleapis.com https://docs.google.com https://bid.g.doubleclick.net https://*.firebaseio.com https://www.loom.com https://*.typeform.com/ https://www.youtube-nocookie.com/ https://news.gmelius.com https://www.youtube-nocookie.com/ https://help.gmelius.com/ https://js.stripe.com/ https://www.google.com https://*.typeform.com/ https://www.loom.com https://share.synthesia.io; style-src https://fonts.googleapis.com https://client.crisp.chat https://app.gmelius.com https://app-staging.gmelius.com 'unsafe-inline' 'self'; font-src https://fonts.gstatic.com 'self'; connect-src https://*.google-analytics.com wss://client.relay.crisp.chat https://client.crisp.chat https://*.analytics.google.com https://*.googletagmanager.com https://api.gmelius.com https://api-staging.gmelius.com https://www.googleapis.com https://*.google-analytics.com https://securetoken.googleapis.com https://*.doubleclick.net https://api.hubapi.com wss://*.firebaseio.com https://gml.email https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://storage.googleapis.com/ https://*.clarity.ms https://c.bing.com https://identitytoolkit.googleapis.com https://app-staging.gmelius.com 'self'; worker-src 'self';

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

keep-alive

Vary

Performance

x-fh-requested-host, accept-encoding

Caching Headers

3 headers

Cache-Control

Caching

max-age=3600

Etag

Caching

"f4898d58ab244ddba6da045cc29c5fc4ff790173b4d7cf081fb0a80ea5ba6801"

Last-Modified

Caching

Tue, 18 Nov 2025 16:43:16 GMT

Content Headers

2 headers

Content-Length

Content

1752

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Fri, 21 Nov 2025 00:52:21 GMT

X-Cache

Other

HIT

X-Cache-Hits

Other

0

X-Served-By

Other

cache-pdk-kfty8610035-PDK

X-Timer

Other

S1763686342.767332,VS0,VE3

X-Ua-Compatible

Other

ie=edge

Recommendations

Enable compression (gzip/brotli) to improve performance