HTTP Headers Analysis for https://gumlet.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

rsc,next-router-state-tree,next-router-prefetch,Accept-Encoding

Caching Headers

3 headers

Age

Caching

1300

Cache-Control

Caching

s-maxage=1800

Etag

Caching

"6odhzpseen54mb"

Content Headers

2 headers

Content-Length

Content

239286

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

23 headers

Accept-Ch

Other

Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA

Alt-Svc

Other

h3=":443"; ma=86400

Content-Security-Policy-Report-Only

Other

default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@gumlet/ webapp.gumlet.com snap.licdn.com googleads.g.doubleclick.net js-na2.hs-scripts.com challenges.cloudflare.com script.hotjar.com embed.savvycal.com tracking.g2crowd.com analytics.ahrefs.com cdn.firstpromoter.com www.googletagmanager.com js-na2.hsadspixel.net js-na2.hs-banner.com js-na2.hs-analytics.net static.hotjar.com app.factors.ai; style-src 'self' 'unsafe-inline'; img-src * blob: data:; font-src 'self'; media-src video.gumlet.io js.gleap.io; object-src 'none'; base-uri 'self'; form-action 'self' *.gumlet.com https://webapp.gumlet.com; connect-src *; frame-ancestors 'none'; frame-src play.gumlet.io www.googletagmanager.com savvycal.com messenger-app.gleap.io challenges.cloudflare.com; upgrade-insecure-requests; report-to gumlet-nel;

Date

Other

Wed, 14 Jan 2026 17:52:54 GMT

Host

Other

www.gumlet.com

Nel

Other

{"report_to": "gumlet-nel", "max_age": 604800, "success_fraction": 0.01, "include_subdomains":true, "failure_fraction":1.0 }

Report-To

Other

{"group": "gumlet-nel", "max_age": 604800, "endpoints": [{"url": "https://nel.gumlytics.com/report"}]}

Reporting-Endpoints

Other

gumlet-nel="https://nel.gumlytics.com/report", default="https://nel.gumlytics.com/report"

User-Agent

Other

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)

Via

Other

1.0 26ba804cbae0bbdf298f43f10bb64ed4.cloudfront.net (CloudFront), 1.1 309e9e958e8d35f7e17ae8ac267b7dea.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

mSBsKyvfb3Zc_fjNniil9qZ9UAkrWo5eVeECugAqbVDounZsHmJGYQ==

X-Amz-Cf-Pop

Other

IAD12-P1

X-Amzn-Trace-Id

Other

Root=1-6967d7f6-31d783c16b541d041028e291

X-Cache

Other

Hit from cloudfront

X-Dns-Prefetch-Control

Other

on

X-Forwarded-For

Other

209.222.82.134, 64.252.73.115

X-Forwarded-Host

Other

www.gumlet.com

X-Forwarded-Port

Other

443

X-Forwarded-Proto

Other

https

X-Nextjs-Cache

Other

HIT

X-Nextjs-Prerender

Other

1

X-Nextjs-Stale-Time

Other

300

X-Url-Host

Other

www.gumlet.com

Recommendations

Enable compression (gzip/brotli) to improve performance