HTTP Headers Analysis for https://levelaccess.com

Detected Technologies from Headers

See all in URL Inspect 59

AWS CloudFront

Google AdSense

Google Tag Manager

WP Engine

Bing

G2

SurveyMonkey

Google Hosted Libraries

AppNexus (Xandr)

WordPress

Webflow

HubSpot Forms

Cookiebot

Capterra

HubSpot Feedback & Surveys

Google DoubleClick

AdRoll

Google Analytics

Microsoft Advertising

Google Conversion Tracking

Yoast

6sense

Cloudflare CDN Active incidents

Greenhouse

Google API JS Client

Google Fonts

Level Access

Vidyard

Wistia

Hotjar

ZoomInfo Active incidents

Influ2

HubSpot Analytics

unpkg

Google Search

BootstrapCDN

Adobe Marketo

Demandbase

Qualified

Facebook

Amazon S3

NitroPack

AddEvent

Recruitics

AddToAny

Rollbar

Cloudflare CDNJS Active incidents

jQuery

Visual Website Optimizer

Akamai Active incidents

HubSpot

Intercom

Highcharts

YouTube

The Trade Desk

HubSpot Live Chat

Sentry

jsDelivr

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

frame-ancestors; block-all-mixed-content; script-src; +12 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie

connection: close
transfer-encoding: chunked
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie

Caching Headers

Cache-Control

Caching

max-age=600, must-revalidate

cache-control: max-age=600, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

X-Powered-By

Server

WP Engine

server: cloudflare
x-powered-by: WP Engine

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: __cf_bm=u..XmyMt07p.0.o0MbOAcJFNe.GR2uhCJjgsrzH2NbQ-1777406916.3073742-1.0.1.1-xvo2f4juT_TVSttnQCoyGbnlhbnc1yelv0VDoFtZX5a_UYEjuv2vXRzrjEtlKwKj6Ouaxk0lV0hcHdjOBSrjyV6mQyYSEP5RZShiAEsk1an7pLIG5g2woCwHBzc3iymh; HttpOnly; Secure; Path=/; Domain=www.levelaccess.com; Expires=Tue, 28 Apr 2026 20:38:36 GMT

Other Headers

Accept-Ch

Other

Sec-CH-UA-Mobile

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f38b32aea813897-IAD

Date

Other

Tue, 28 Apr 2026 20:08:36 GMT

Link

Other

URL

https://cdn-ileifnf.nitrocdn.com

rel=preconnect

URL

https://www.levelaccess.com/

rel=shortlink

X-Cache

Other

X-Cache-Ctime

Other

1777405795

X-Cache-Group

Other

normal

X-Cacheable

Other

SHORT

X-Nitro-Cache

Other

HIT

X-Nitro-Cache-From

Other

drop-in

X-Nitro-Rev

Other

91bef4d

X-Orig-Cache-Control

Other

no-cache

accept-ch: Sec-CH-UA-Mobile
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9f38b32aea813897-IAD
date: Tue, 28 Apr 2026 20:08:36 GMT
link: <https://cdn-ileifnf.nitrocdn.com>; rel=preconnect, <https://www.levelaccess.com/>; rel=shortlink
x-cache: HIT: 9
x-cache-ctime: 1777405795
x-cache-group: normal
x-cacheable: SHORT
x-nitro-cache: HIT
x-nitro-cache-from: drop-in
x-nitro-rev: 91bef4d
x-orig-cache-control: no-cache

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology