Open
Cached
·
just now
24
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000
Content-Security-Policy
Good
default-src; script-src; style-src; +5 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
4 headers
Cache-Control
Caching
public, max-age=60
Etag
Caching
"1762183967-gzip"
Expires
Caching
Tue, 04 Nov 2025 11:40:27 GMT
Last-Modified
Caching
Mon, 03 Nov 2025 15:32:47 GMT
Content Headers
2 headers
Content-Language
Content
en
Content-Type
Content
text/html; charset=UTF-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Date
Other
Tue, 04 Nov 2025 11:39:27 GMT
Server-Timing
Other
ak_p; desc="1762256367317_390260884_418398231_9663_9245_21_37_-";dur=1
X-Age
Other
240
X-Ah-Environment
Other
prod
X-Akamai-Transformed
Other
9 - 0 pmb=mRUM,1
X-Cache-Hits
Other
11
X-Content-Security-Policy
Other
default-src 'self' data: drupal.org *.typekit.net *.crazyegg.com; script-src 'unsafe-inline' 'self' data: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com www.googletagmanager.com gov-bam.nr-data.net js-agent.newrelic.com *.crazyegg.com static.adds-twitter.com snap.licdn.com *.teads.tv connect.facebook.net *.linkedin.com *.doubleclick.net *.facebook.com px.ads.linkedin.com cdn.linkedin.oribi.io static.ads-twitter.com s.go-mpulse.net c.go-mpulse.net *.osano.com analytics.google.com blob:; style-src 'unsafe-inline' 'self' data: blob: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com fonts.googleapis.com *.fonts.net *.osano.com *.crazyegg.com; img-src 'self' www.facebook.com analytics.twitter.com t.co www.google-analytics.com www.google.com *.teads.tv px.ads.linkedin.com www.googletagmanager.com www.linkedin.com data: *.crazyegg.com; frame-src 'self' www.youtube.com www.facebook.com www.google.com html5-player.libsyn.com playlist.megaphone.fm www.podcastone.com p.teads.tv fledge.teads.tv *.osano.com *.crazyegg.com; child-src 'self' data: blob: drupal.org *.typekit.net *.osano.com; font-src 'self' fonts.gstatic.com fast.fonts.net; connect-src 'self' data: drupal.org *.typekit.net www.google-analytics.com cdn.linkedin.oribi.io cm.teads.tv *.doubleclick.net *.crazyegg.com bam.nr-data.net www.facebook.com t.teads.tv *.osano.com c.go-mpulse.net *.akstat.io analytics.google.com *.akamaihd.net px.ads.linkedin.com
X-Drupal-Dynamic-Cache
Other
MISS
X-Generator
Other
Drupal 10 (https://www.drupal.org)
X-Request-Id
Other
v-597a9472-b8ca-11f0-941f-a7c7ed0c3c5b
X-Webkit-Csp
Other
default-src 'self' data: drupal.org *.typekit.net *.crazyegg.com; script-src 'unsafe-inline' 'self' data: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com www.googletagmanager.com gov-bam.nr-data.net js-agent.newrelic.com *.crazyegg.com static.adds-twitter.com snap.licdn.com *.teads.tv connect.facebook.net *.linkedin.com *.doubleclick.net *.facebook.com px.ads.linkedin.com cdn.linkedin.oribi.io static.ads-twitter.com s.go-mpulse.net c.go-mpulse.net *.osano.com analytics.google.com blob:; style-src 'unsafe-inline' 'self' data: blob: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com fonts.googleapis.com *.fonts.net *.osano.com *.crazyegg.com; img-src 'self' www.facebook.com analytics.twitter.com t.co www.google-analytics.com www.google.com *.teads.tv px.ads.linkedin.com www.googletagmanager.com www.linkedin.com data: *.crazyegg.com; frame-src 'self' www.youtube.com www.facebook.com www.google.com html5-player.libsyn.com playlist.megaphone.fm www.podcastone.com p.teads.tv fledge.teads.tv *.osano.com *.crazyegg.com; child-src 'self' data: blob: drupal.org *.typekit.net *.osano.com; font-src 'self' fonts.gstatic.com fast.fonts.net; connect-src 'self' data: drupal.org *.typekit.net www.google-analytics.com cdn.linkedin.oribi.io cm.teads.tv *.doubleclick.net *.crazyegg.com bam.nr-data.net www.facebook.com t.teads.tv *.osano.com c.go-mpulse.net *.akstat.io analytics.google.com *.akamaihd.net px.ads.linkedin.com
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 317ms