HTTP Headers Analysis for https://m2crowd.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; script-src; style-src; +5 more

default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.m2crowd.com https://m2crowd.com https://*.zohostatic.com https://fonts.bunny.net https://m2crowd.com https://bat.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://fonts.bunny.net https://katipult.m2crowd.com https://m2crowd.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.m2crowd.com https://m2crowd.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.zoho.com https://*.zohocdn.com https://*.zohostatic.com https://bat.bing.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://salesiq.zohopublic.com https://api.ipify.org; style-src 'self' 'unsafe-inline' https://*.m2crowd.com https://m2crowd.com https://fonts.googleapis.com https://*.zohocdn.com https://*.zohostatic.com https://fonts.bunny.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net; img-src 'self' data: https://m2crowd.com https://*.m2crowd.com https://m2crowd.com https://m2crowd.com https://www.google.com https://www.google-analytics.com https://*.gravatar.com https://www.google.com.mx https://*.zohocdn.com https://*.zohopublic.com https://www.googletagmanager.com https://m2crowd.com https://bat.bing.com https://m2crowd.com https://m2crowd.com https://m2crowd-projects-content-management.s3.us-east-2.amazonaws.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.m2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.zoho.com https://*.hotjar.com/ https://*.zohopublic.com wss://vts.zohopublic.com wss://ws22.hotjar.com https://katipult.m2crowd.com https://bat.bing.com https://analytics.google.com https://www.google.com.mx https://api.ipify.org; font-src 'self' 'unsafe-inline' data: https://m2crowd.com https://fonts.gstatic.com https://*.zohocdn.com https://fonts.bunny.net https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' https://*.zoho.com https://*.m2crowd.com; frame-src data: https://*.zoho.com https://*.zohopublic.com https://*.hotjar.com https://m2crowd.com https://m2crowd.com https://*.m2crowd.com https://td.doubleclick.net https://www.youtube.com/

X-Frame-Options

Present

ALLOW-FROM *

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

camera=(), fullscreen=(self), geolocation=(), microphone=(self), payment=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

0 headers

No caching headers found

Content Headers

2 headers

Content-Length

Content

189792

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Flywheel/5.1.0

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

16 headers

Date

Other

Wed, 28 Jan 2026 05:11:11 GMT

Fastly-Restarts

Other

1

Link

Other

<https://m2crowd.com/>; rel=shortlink

X-Cache

Other

MISS, MISS

X-Cache-Hits

Other

0, 0

X-Cacheable

Other

YES

X-Fw-Dynamic

Other

TRUE

X-Fw-Hash

Other

4x5fj2pkn3

X-Fw-Serve

Other

TRUE

X-Fw-Server

Other

Flywheel/5.1.0

X-Fw-Static

Other

NO

X-Fw-Type

Other

FLYWHEEL_BOT

X-Fw-Version

Other

5.0.0

X-Served-By

Other

cache-iad-kiad7000055-IAD, cache-iad-kcgs7200098-IAD

X-Timer

Other

S1769577068.458758,VS0,VE3478

X-Ua-Compatible

Other

IE=edge

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching