Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=631138519
Content-Security-Policy
Basic
default-src; connect-src; frame-ancestors; +7 more
default-src 'self' https: 'unsafe-inline' blob: data:; connect-src 'self' account.envato.com:* *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googlesyndication.com *.litix.io *.wistia.com embedwistia-a.akamaihd.net api.btloader.com www.facebook.com consentcdn.cookiebot.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms c.bing.com *.amazon-adsystem.com cdn.jsdelivr.net *.publisher-services.amazon.dev id5-sync.com lb.eu-1-id5-sync.com/lb/v1 www.tiktok.com www.tiktokcdn.com static.tutsplus.com/; frame-ancestors 'self'; frame-src www.tiktok.com www.facebook.com/ platform.twitter.com/ www.youtube.com www.instagram.com twitter.com www.linkedin.com/ assets.pinterest.com/ mastodon.social/ consentcdn.cookiebot.com/ www.recaptcha.net/ codepen.io/ cdpn.io/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googlesyndication.com www.googleadservices.com fast.wistia.net; img-src 'self' https: 'unsafe-inline' blob: data: www.tiktokcdn.com; media-src 'self' https: 'unsafe-inline' blob: data: www.tiktokcdn.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob: data: 'unsafe-eval' www.tiktok.com www.tiktokcdn.com; style-src 'self' https: 'unsafe-inline' blob: data: www.tiktokcdn.com; report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
0 headers
No caching headers found
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.068607
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=5QYkTUxyRMlOkj327Xw_GHq9GsUV1uKUjygL7cGplgw-1767368461-1.0.1.1-P.dSaVEmbxxtw22rKKqQrHbomFJ3YV4Q4XTtHv5B6kJnoV9BcCYFohe4SundwYM7LIXJwoMO6KKKkQKC0ocKCCj7xmthaMkrJa_B3JDVp.8; path=/; expires=Fri, 02-Jan-26 16:11:01 GMT; domain=.tutsplus.com; HttpOnly; Secure; SameSite=None
Other Headers
8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9b7b5bb3191ad6d0-IAD
Date
Other
Fri, 02 Jan 2026 15:41:01 GMT
Link
Other
<https://static.tutsplus.com/packs/static/fonts/fa-solid-900-130191cbdfe1d7a5dde9.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://static.tutsplus.com/packs/static/fonts/fa-regular-400-7b8124cb811f19c72e48.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://static.tutsplus.com/packs/static/fonts/fa-brands-400-78547c4b11a377e195ff.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://static.tutsplus.com/packs/js/runtime-19943e64c9884bf4156f.js>; rel=preload; as=script; nopush,<https://static.tutsplus.com/packs/js/549-95c2196107c2425cbb9a.js>; rel=preload; as=script; nopush,<https://static.tutsplus.com/packs/js/692-c9d3e303592f2fb87a6b.js>; rel=preload; as=script; nopush,<https://static.tutsplus.com/packs/js/766-f420152e71d8cd1d2ab2.js>; rel=preload; as=script; nopush,<https://static.tutsplus.com/packs/js/697-2b0c431a045f686179ba.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
db9f7887-fe31-432c-b3e9-9ad699429e3d
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching