Headers
20 headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' http://127.0.0.1:* http://localhost:* https://id.superhuman.com https://gnar.grammarly.com/events https://f-log-at.grammarly.io/logv2 https://auth.grammarly.com https://gateway.grammarly.com/experimentation/treatment https://login.femetrics.grammarly.io/batch/import https://login.microsoftonline.com https://graph.microsoft.com https://www.google.com/recaptcha/ https://transcend-cdn.com/cm/ https://telemetry.transcend.io/ https://coda.io; default-src 'self'; font-src 'self' https://static-web.grammarly.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://id.superhuman.com https://static-web.grammarly.com https://static.grammarly.com; object-src 'none'; script-src 'self' https://id.superhuman.com 'sha256-Tm6TOsop0bNhh3uPL7kvaRPGHrN6ztICYuZP/+GIL30=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://transcend-cdn.com/cm/ https://telemetry.transcend.io/; style-src 'self' https://id.superhuman.com 'unsafe-inline' https://transcend-cdn.com/cm/; manifest-src 'self'; worker-src 'self';
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
public,max-age=0
Etag
Caching
"edfb574944b09678ed65eeee1cbd4f95"
Last-Modified
Caching
Wed, 14 Jan 2026 19:16:28 GMT
Content Headers
2 headers
Content-Length
Content
8082
Content-Type
Content
text/html
Server Headers
1 header
Server
Server
AmazonS3
CORS Headers
0 headers
No CORS headers found
Cookie Headers
0 headers
No cookie headers found
Other Headers
7 headers
Date
Other
Fri, 16 Jan 2026 03:39:59 GMT
Via
Other
1.1 18591001335591ffb831001ad8b75762.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
YpM4hYNPjB9t07ANKOOtMRLTb_0MUnsEBr9seVK8nv3FG_MeUuS8yg==
X-Amz-Cf-Pop
Other
IAD61-P3
X-Amz-Server-Side-Encryption
Other
AES256
X-Amz-Version-Id
Other
null
X-Cache
Other
Miss from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance