HTTP Headers Analysis for https://media.woopra.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +9 more

default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com *.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com *.adroll.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net *.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com cdn.cookielaw.org dimensions-art.cloudinary.net n902wcigxi.execute-api.us-east-1.amazonaws.com *.adroll.com p28416.itm.cloud.com p118600.itm.cloud.com ml314.com x.bidswitch.net pixel.tapad.com dsum-sec.casalemedia.com sync.outbrain.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net sync.taboola.com eb2.3lift.com ib.adnxs.com *.reson8.com secure.adnxs.com dpm.demdex.net i.liadm.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com cdn.cookielaw.org; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com cdn.cookielaw.org epsilon.6sense.com *.6sc.co *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com tracking-api.g2.com n902wcigxi.execute-api.us-east-1.amazonaws.com *.algolia.net dss6ntp5q2r0o.cloudfront.net *.adroll.com cdn.jsdelivr.net; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com demo.arcade.software *.googletagmanager.com *.doubleclick.net *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com p28416.itm.cloud.com p118600.itm.cloud.com; object-src 'none'

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Present

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Age

Caching

46

Cache-Control

Caching

public, max-age=43200

Expires

Caching

Wed, 03 Dec 2025 17:43:13 GMT

Last-Modified

Caching

Wed, 03 Dec 2025 05:42:26 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=yA9eRojEFWlZAUpC9nTrY1SBErBRE9BTCXlpBGgSBRU-1764740593575-0.0.1.1-604800000; path=/; domain=.cloudinary.com; HttpOnly; Secure; SameSite=None

Other Headers

8 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9a80bec5a956e3c6-IAD

Date

Other

Wed, 03 Dec 2025 05:43:13 GMT

Host-Header

Other

a9130478a60e5f9135f765b23f26593b

Link

Other

<https://cloudinary.com/wp-json/wp/v2/pages/52189>; rel="alternate"; title="JSON"; type="application/json"

X-Cache

Other

HIT

X-Rq

Other

dca8 0 20 9980

Recommendations

Enable compression (gzip/brotli) to improve performance