Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; sandbox; img-src; +8 more
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com; object-src https://*.makers.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.makers.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net https://www.yahoo.com https://cdn.prod.website-files.com; connect-src 'self' https://*.liadm.com https://*.makers.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.makers.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://*.clean.gg https://*.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://api.alyavista.com https://cdn.prod.website-files.com; frame-ancestors 'self' https://*.makers.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=makers; report-to csp-endpoint;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
accept-encoding
Caching Headers
2 headers
Age
Caching
550572
Last-Modified
Caching
Wed, 12 Nov 2025 20:23:50 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=GbTaJcPx58Ghbbhm7ywV9jABOGR0ufhcw6wc5KZ4O8M-1763529675095-0.0.1.1-604800000; HttpOnly; SameSite=None; Secure; Path=/; Domain=.webflow.makers.com
Other Headers
6 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9a0d43547866d6f0-IAD
Date
Other
Wed, 19 Nov 2025 05:21:15 GMT
Surrogate-Control
Other
max-age=2147483647
Surrogate-Key
Other
webflow.makers.com 688bd7a7c05ff43124214738 pageId:688bd7a7c05ff431242147ef
X-Lambda-Id
Other
4b3248da-e773-42b2-b9e4-2b7e8e22040f
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 0ms