Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.app-ninja.com https://*.afterpay.com/ https://s3-us-west-2.amazonaws.com/jsstore/ https://*.doubleclick.net/ https://*.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com https://js.intercomcdn.com/ https://js.squarecdn.com/ https://js.stripe.com/ https://maps.googleapis.com/ https://static-tracking.klaviyo.com/ https://static.klaviyo.com/ https://widget.intercom.io/ https://www.affirm.com/ https://static.intercomassets.com/ https://cdn1.affirm.com https://m.stripe.network https://www.paypal.com/sdk/js https://www.paypalobjects.com/muse/muse.js https://www.redditstatic.com/ads/pixel.js https://www.refersion.com/ https://www.youtube.com/ https://yoast.com/ https://abodestore.wpenginepowered.com/ https://tracker.affirm.com/ https://messenger-apps.intercom.io/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://static.klaviyo.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.app-ninja.com https://google.com/ https://*.afterpay.com https://*.affirm.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tracker.affirm.com/ https://js.intercomcdn.com/ https://messenger-apps.intercom.io/ https://a.klaviyo.com https://api-iam.intercom.io https://cdn-assets.affirm.com https://fast.a.klaviyo.com https://fonts.googleapis.com https://iq.afterpay.com https://maps.googleapis.com https://pixel-config.reddit.com https://portal.afterpay.com https://rp.liadm.com https://static-forms.klaviyo.com https://www.affirm.com https://downloads.intercomcdn.com/ https://static.intercomassets.com/ https://www.paypal.com https://www.redditstatic.com https://yoast.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://td.doubleclick.net https://www.googletagmanager.com https://js.stripe.com https://placement-api.us.afterpay.com https://portal.afterpay.com https://www.paypalobjects.com https://www.youtube.com https://www.refersion.com https://*.affirm.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.google.com/ https://woocommerce.com/ https://*.ytimg.com/ https://*.cloudfront.net/company/Msy8XU/ https://maps.googleapis.com/ https://js.intercomcdn.com/ https://alb.reddit.com https://maps.gstatic.com https://secure.gravatar.com https://site-assets.afterpay.com https://static.afterpay.com https://t.paypal.com https://static.intercomassets.com/ https://downloads.intercomcdn.com/ https://tracker.affirm.com/ https://messenger-apps.intercom.io/; manifest-src 'self'; frame-ancestors 'self' https://*.intercomcdn.com/ https://*.affirm.com/ https://*.afterpay.com; media-src 'self' https://*.intercomcdn.com/ https://*.cloudfront.net/company/Msy8XU/; worker-src blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Content-Type-Options: nosniff
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding,Cookie
Caching Headers
1 headers
Cache-Control
Caching
max-age=600, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
2 headers
Server
Server
cloudflare
X-Powered-By
Server
WP Engine
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=1JfrlmhMZ6Yy9gdcSfmcOuKtOBHbcLb2B_nG_itC9vU-1769337990-1.0.1.1-dDyeXsOjjzrzK.vDtZuNEj2dDBtB.LX0GesbC78coKuihDhgRQwuOQ.aFUn5dUQEeZLe57QAnY7u2o1tG95YH0gxYnNspdm6Kay6j__ER3Y; path=/; expires=Sun, 25-Jan-26 11:16:30 GMT; domain=.goabode.com; HttpOnly; Secure; SameSite=None
Other Headers
10 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c372fe79d8f46fd-IAD
Date
Other
Sun, 25 Jan 2026 10:46:30 GMT
Link
Other
<https://goabode.com/>; rel=shortlink
X-Cache
Other
HIT: 1
X-Cache-Group
Other
normal
X-Cacheable
Other
SHORT
X-Permitted-Cross-Domain-Policies
Other
none
X-Pingback
Other
https://goabode.com/xmlrpc.php
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology