Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Age
Caching
164199
Last-Modified
Caching
Wed, 19 Nov 2025 12:16:24 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=JjZ7Lu8esKfB39S9cSaXj2ElnZQAHaZQZz4ZAyjIOt0-1763718783279-0.0.1.1-604800000; path=/; domain=.cdn.webflow.com; HttpOnly; Secure; SameSite=None
Other Headers
10 headers
Alt-Svc
Other
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
9a1f4c3b4de2c58d-IAD
Content-Security-Policy-Report-Only
Other
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' Player/flowplay.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://assets-global.website-files.com/656db9d2a0a4556c7301b80a/js/webflow.9f1d254fa.js https://cdn.heapanalytics.com/js/heap-1645308922.js https://cdn.jsdelivr.net/gh/videsigns/webflow-tools@latest/Media https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsselect@1/cmsselect.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-formsubmit@1/formsubmit.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://cdn.prod.website-files.com/656db9d2a0a4556c7301b80a/js/webflow.107f32587.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.5.1/highlight.min.js https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://hubspotonwebflow.com/assets/js/form-124.js https://js-eu1.hs-analytics.net/analytics/1711618800000/25393921.js https://js-eu1.hs-analytics.net/analytics/1711666200000/25393921.js https://js-eu1.hs-analytics.net/analytics/1723072800000/25393921.js https://js-eu1.hs-banner.com/25393921.js https://js-eu1.hs-banner.com/v2/25393921/banner.js https://js-eu1.hs-scripts.com/25393921.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.usemessages.com/conversations-embed.js https://plausible.io/js/script.js https://unpkg.com https://unpkg.com/split-type https://unpkg.com/swiper/swiper-bundle.min.js https://ws.zoominfo.com/pixel/6318ef9b7326f94006446c6b https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://assets-global.website-files.com https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api-eu1.hubspot.com https://assets-global.website-files.com https://cdn.prod.website-files.com https://dc8jmdyhm5-1.algolianet.com https://dc8jmdyhm5-2.algolianet.com https://dc8jmdyhm5-dsn.algolia.net https://exceptions-eu1.hs-embed-reporting.com https://forms-eu1.hscollectedforms.net https://heapanalytics.com https://hubspotonwebflow.com https://js-eu1.hs-banner.com https://plausible.io https://region1.analytics.google.com https://region1.google-analytics.com https://static.hsappstatic.net https://stats.g.doubleclick.net https://webflow.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.ca https://www.google.co.in https://www.google.com.pk https://www.google.pl https://www.google.pt; font-src 'self' data: https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://app-eu1.hubspot.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: data: https://analytics.google.com https://assets-global.website-files.com https://avatars.githubusercontent.com https://cdn.prod.website-files.com https://exceptions-eu1.hs-embed-reporting.com https://forms-eu1.hsforms.com https://github.com https://heapanalytics.com https://i.ytimg.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://track-eu1.hubspot.com https://www.google-analytics.com https://www.google.at https://www.google.be https://www.google.ca https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.com.au https://www.google.com.gh https://www.google.com.ph https://www.google.com.pk https://www.google.de https://www.google.es https://www.google.fr https://www.google.li https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://assets-global.website-files.com https://cdn.prod.website-files.com https://tonikstudio.fra1.cdn.digitaloceanspaces.com; report-uri https://6602a323bc57ae1120bf88dc.endpoint.csper.io/?v=7; worker-src 'none';
Date
Other
Fri, 21 Nov 2025 09:53:03 GMT
Surrogate-Control
Other
max-age=432000
Surrogate-Key
Other
webflow.mondoo.com 656db9d2a0a4556c7301b80a pageId:6800c42451994373b0e8b43d 665f668a27874a2cb6388c31 680a13383d8ccae9c2b3aeb8
Via
Other
1.1 google
X-Cluster-Name
Other
us-east-1-prod-hosting-red
X-Lambda-Id
Other
cb20fa9d-2643-46b4-ba84-64a17e63ed5e
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 254ms