Headers
HTTP Security Headers
Status
Strict-Transport-Security
Weak
max-age=0
Content-Security-Policy
Basic
default-src 'self' https: http:; base-uri 'self' *.cloudfront.net; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https: data:; frame-src 'self' https: data:; img-src 'self' data: blob: *.newrelic.com *.commercecloud.salesforce.com *.lumens.com *.signifyd.com *.online-metrix.net s7d1.scene7.com s7d5.scene7.com images.ctfassets.net storage.googleapis.com cdn.ywxi.net www.gstatic.com *.google.com *.paypal.com *.bing.com *.facebook.com *.everesttech.net *.omtrdc.net *.ydesigngroup.com *.listrakbi.com *.doubleclick.net *.liadm.com *.agkn.com *.rtactivate.com *.dtstmio.com *.cloudfront.net *.datasteam.io *.equalweb.com *.cookielaw.org *.googletagmanager.com *.demdex.net *.espssl.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.cloudinary.com *.facebook.net *.clarity.ms *.modernimpact.com *.amazonaws.com *.adnxs.com *.ojrq.net *.gladly.com *.smooch.io; manifest-src 'self' https: http:; media-src 'self' https: http: data: blob:; object-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.online-metrix.net *.newrelic.com *.nr-data.net runtime.commercecloud.com *.googleapis.com *.lumens.com cdn.gladly.qa *.gladly.com *.smooch.io d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com www.googlecommerce.com *.curalate.com *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com *.adobedtm.com cnstrc.com *.cnstrc.com *.listrakbi.com *.omtrdc.net *.listrak.com *.equalweb.com tags.pw.adn.cloud www.paypalobjects.com *.stape.ma *.pinterest.com *.agkn.com *.zoominfo.com *.adn.cloud *.facebook.com *.cookielaw.org *.bing-int.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.signifyd.com *.iesnare.com *.doubleclick.net *.gladly.chat *.clarity.ms *.kyc.red *.tintup.com 
*.publitas.com *.cquotient.com *.newrelic.com *.scene7.com *.verygoodvault.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' https: http:; style-src 'self' https: 'unsafe-inline'; connect-src 'self' runtime.commercecloud.com *.lumens.com *.signifyd.com *.newrelic.com *.nr-data.net cdn.gladly.qa *.gladly.com *.smooch.io d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com www.googlecommerce.com *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com *.adn.cloud *.demdex.net *.omtrdc.net *.doubleclick.net *.listrak.com *.cnstrc.com *.listrakbi.com *.mobify-storefront.com *.evyy.net *.impct.site *.pinterest.com *.stape.ma *.zoominfo.com *.equalweb.com *.facebook.com *.run.app *.cookielaw.org *.onetrust.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.cloudinary.com *.gladly.chat wss://*.gladly.chat *.clarity.ms *.ydesigngroup.com *.sinter-collect.com *.verygoodvault.com; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
1 header
Connection
Performance
close
Caching Headers
2 headers
Cache-Control
Caching
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires
Caching
Thu, 01 Jan 1970 00:00:01 GMT
Content Headers
2 headers
Content-Length
Content
6894
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 header
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
__cf_bm=9CxbzhzD1NE3eOvpGdM96BoSjbMdGoCMmfIpdzkjC9k-1769963667-1.0.1.1-FGGoLAK5n5Ufd9lK0k8TqB.vDjIZFtD24v8s6GdYnlxNq9Ua8.VdSFdbO1z7z9wdIQxoOtuqoO8VJcLSqYp.y2K5j3k1S3xnajubZSgVPXw; path=/; expires=Sun, 01-Feb-26 17:04:27 GMT; domain=.www.lumens.com; HttpOnly; Secure; SameSite=None
Other Headers
7 headers
Accept-Ch
Other
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cf-Mitigated
Other
challenge
Cf-Ray
Other
9c72db36ef7af4e2-IAD
Critical-Ch
Other
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Date
Other
Sun, 01 Feb 2026 16:34:27 GMT
Origin-Agent-Cluster
Other
?1
Server-Timing
Other
chlray;desc="9c72db36ef7af4e2"
Recommendations
Enable compression (gzip/brotli) to improve performance