Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
upgrade-insecure-requests; object-src; default-src
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
fullscreen=(), microphone=(), gamepad=(), midi=(), display-capture=(), usb=(), magnetometer=(), picture-in-picture=(), accelerometer=(), xr-spatial-tracking=(), idle-detection=(), sync-xhr=(), serial=(), clipboard-read=(), payment=(), bluetooth=(), hid=(), keyboard-map=(), screen-wake-lock=(), gyroscope=(), clipboard-write=(), publickey-credentials-get=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding,User-Agent
Caching Headers
2 headers
Cache-Control
Caching
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=wnpvWuxdbzCRRHP9jheielsF.lSSRSUGIyhmzaPD3hE-1768088917.5189388-1.0.1.1-HNb6TBeb8kMI0kVamu89lfCUNF999.Xtsu44imCMtSs; HttpOnly; SameSite=None; Secure; Path=/; Domain=www.montepiedad.com.mx
Other Headers
7 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bc010f67ec9d6c3-IAD
Date
Other
Sat, 10 Jan 2026 23:48:37 GMT
Server-Timing
Other
cfEdge;dur=40,cfOrigin;dur=119
Upgrade-Insecure-Requests
Other
1
X-Content-Security-Policy
Other
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com;
X-Webkit-Csp
Other
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com;
Recommendations
Enable compression (gzip/brotli) to improve performance