Open
Cached
·
just now
39
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000;
Content-Security-Policy
Basic
default-src; script-src; style-src; +12 more
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' vimeo.com *.vimeo.com *.userway.org *.crazyegg.com unpkg.com cdn.jsdelivr.net cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hubspot.com hubspot.com *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com *.doubleclick.net *.bing.com *.crazyegg.com blob:; style-src 'report-sample' 'self' *.userway.org *.crazyegg.com 'unsafe-inline' fonts.googleapis.com; object-src 'self' blob:; base-uri 'self' *.helpscout.net js.hsforms.net hsforms.com *.hsforms.com *.vimeocdn.com vimeocdn.com; connect-src 'self' *.hubspot.com *.hscollectedforms.net *.userway.org *.crazyegg.com *.uniregistry.net *.registry.google *.centralnicregistry.com *.centralnic.com *.identitydigital.services identitydigital.services *.verisign.com verisign.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hotjar.io hotjar.io *.gov.uk gov.uk yoast.com *.hotjar.com js.hsforms.net hsforms.com *.hsforms.com *.google-analytics.com google-analytics.com *.websitecarbon.com websitecarbon.com hubspot-forms-static-embed.s3.amazonaws.com *.iana.org iana.org *.nominet.uk wss:; font-src 'self' *.userway.org fonts.gstatic.com *.hotjar.com data:; frame-src 'self' *.hs-sites.com *.userway.org *.yumpu.com yumpu.com datawrapper.dwcdn.net *.eko.com *.vimeo.com vimeo.com *.hackerone.com hackerone.com *.google.com google.com *.facebook.com facebook.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; img-src 'self' *.hsappstatic.net *.hubspot.com *.userway.org *.crazyegg.com cdn-cookieyes.com cookieyes.com *.cookieyes.com secure.gravatar.com bugherd.com *.bugherd.com www.facebook.com *.facebook.com facebook.com *.cloudfront.net *.googletagmanager.com *.hsforms.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; child-src 'self' blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
public, max-age=0, s-maxage=3600
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
2 headers
Access-Control-Allow-Headers
Cors
Content-Type, Authorization
Access-Control-Allow-Methods
Cors
GET,POST
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=NLyHx1n6pftpm38BGBfNyyTv1llxeHOpgAJ9bQwSH6c-1766249567-1.0.1.1-hAOqGy85Hmrf1LbbWS1MTlhW70KSslOaEyzslT1oH0Jzvb10m0GxplrhooQ7sjgdFGviuYJfOds3DtE7_7Lyy8Ev4g5gzAiyL0OcuAUHaro; path=/; expires=Sat, 20-Dec-25 17:22:47 GMT; domain=.nominet.uk; HttpOnly; Secure; SameSite=None
Other Headers
20 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cache-Tag
Other
e17f0185-689d-45f3-b393-aca21019d87c,c465429d6c387b4af34b29d28fb75ac0e753e243bd39f4c9f4ee9c7786a2300b
Cf-Cache-Status
Other
MISS
Cf-Ray
Other
9b10a6f1bc175fa6-IAD
Cross-Origin-Embedder-Policy-Report-Only
Other
unsafe-none; report-to='default'
Cross-Origin-Opener-Policy-Report-Only
Other
unsafe-none; report-to='default'
Date
Other
Sat, 20 Dec 2025 16:52:47 GMT
Ki-Cache-Tag
Other
e17f0185-689d-45f3-b393-aca21019d87c,c465429d6c387b4af34b29d28fb75ac0e753e243bd39f4c9f4ee9c7786a2300b
Ki-Cache-Type
Other
Edge
Ki-Cf-Cache-Status
Other
SAVING
Ki-Edge
Other
v=24.0.1;mv=5.0.18
Ki-Origin
Other
g1p
Link
Other
<https://nominet.uk/wp-json/>; rel="https://api.w.org/", <https://nominet.uk/wp-json/wp/v2/pages/7>; rel="alternate"; title="JSON"; type="application/json", <https://nominet.uk/>; rel=shortlink
Nel
Other
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6BixgqvwDGlOvgYlQpQ4z%2Bg3jYWWQfojcDthm5YTZSNHye%2Ft912NTd8pHbAgTkaUBvuVLiWeVlw%2F1NIzbqhj3KP%2BJDhVLALmBUaxDJTJFeV%2FLimqbeDRQzRs4pA%3D"}],"group":"cf-nel","max_age":604800}
Unset
Other
X-Powered-By
X-Content-Security-Policy
Other
default-src 'self'; img-src *; media-src * data:;
X-Edge-Location-Klb
Other
1
X-Kinsta-Cache
Other
HIT
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 170ms