HTTP Headers Analysis for https://n2y.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'unsafe-eval' 'self' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.cdn.prismic.io https://prismic.io https://texthelp.tfaforms.net https://www.google.com https://www.gstatic.com https://s.saleswingsapp.com https://static.hotjar.com https://script.hotjar.com https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://wikisum.texthelp.com https://mautic.texthelp.com https://mautic-staging.texthelp.com https://embed.typeform.com/next/embed.js https://connect.facebook.net https://snap.licdn.com https://www.youtube.com https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com https://cloudinary.com https://online4.superoffice.com https://cdn.jsdelivr.net/npm/@rive-app/[email protected]/rive.js 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.browsealoud.com https://plus.browsealoud.com https://texthelp.tfaforms.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://embed.typeform.com/next/css/widget.css https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com; connect-src 'self' blob: https://plus.browsealoud.com https://www.browsealoud.com https://en.wikipedia.org https://wikisum.texthelp.com https://wiki-summarizer-eu.texthelp.com https://simplify-us.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://everway.cdn.prismic.io https://analytics.formassembly.com https://texthelp.tfaforms.net/api_v2/sst/wf-quick-publish https://typeahead.formassembly.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://to.go.saleswingsapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.typeform.com/single-embed/ https://px.ads.linkedin.com https://*.amplitude.com https://unpkg.com https://cdn.jsdelivr.net https://api.omappapi.com/ https://a.omappapi.com https://z.omappapi.com https://player.cloudinary.com https://res.cloudinary.com https://cloudinary.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; media-src 'self' blob: https://*.speechstream.net https://*.amplitude.com https://res.cloudinary.com https://player.cloudinary.com; font-src 'self' https://fonts.gstatic.com data: https://script.hotjar.com https://a.omappapi.com/ https://api.omappapi.com/; img-src 'self' data: blob: https://webworx.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://www.browsealoud.com https://plus.browsealoud.com https://upload.wikimedia.org https://www.google-analytics.com https://stats.g.doubleclick.net https://everway.cdn.prismic.io https://images.prismic.io https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.co.uk https://www.google.ca https://www.google.dk https://www.google.com.au https://www.google.co.in https://www.google.ie https://www.google.co.nz https://www.google.nl https://www.google.it https://www.google.se https://www.google.es https://www.google.com.ph https://www.google.com.mx https://www.google.de https://www.google.com.pk https://www.google.co.id https://www.google.ae https://www.google.fr https://www.google.co.za https://www.google.com.br https://www.google.co.jp https://www.google.com.sg https://www.google.fi https://www.google.co.il https://www.google.ee https://www.google.no https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://px.ads.linkedin.com https://www.facebook.com https://*.amplitude.com https://a.omappapi.com/ https://api.omappapi.com/ https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://content.googleapis.com/ https://everway.prismic.io https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://td.doubleclick.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://form.typeform.com/ https://registration.events.ringcentral.com/ https://player.cloudinary.com https://online4.superoffice.com/; form-action 'self' https://texthelp.tfaforms.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://event.on24.com https://www.n2y.com/ https://www.texthelp.com; base-uri 'none'

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

749

Cache-Control

Caching

s-maxage=31536000, stale-while-revalidate

Etag

Caching

"17rl7i99yd48vpu"

Content Headers

2 headers

Content-Length

Content

415170

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

8 headers

Date

Other

Sat, 31 Jan 2026 08:23:48 GMT

Via

Other

1.1 f458ab1245bb4f257969c1da8e708f88.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

jKBXl6Faelg2B0Y3bLsJEJ5YqKmsRcvhE24SaqLy_9R0nrci2FZIHA==

X-Amz-Cf-Pop

Other

JFK50-P2

X-Cache

Other

Hit from cloudfront

X-Lang

Other

en-us

X-Middleware-Rewrite

Other

/en-us/

X-Nextjs-Cache

Other

HIT

Recommendations

Enable compression (gzip/brotli) to improve performance