21 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
default-src 'self'; upgrade-insecure-requests; frame-ancestors 'self'; block-all-mixed-content; object-src 'none'; child-src 'self' www.googletagmanager.com *.facebook.com connect.facebook.net blob:; manifest-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; base-uri 'none'; form-action *.facebook.com connect.facebook.net *.snapchat.com octalogic.tech; media-src 'self'; worker-src 'self' blob:; style-src 'self' www.googletagmanager.com tagmanager.google.com checkout.stripe.com fonts.googleapis.com tagmanager.google.com https://optimize.google.com 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.youtube.com vars.hotjar.com www.googletagmanager.com https://optimize.google.com *.stripe.com *.stripe.network maps.google.com maps.googleapis.com maps.google.com *.facebook.com connect.facebook.net *.snapchat.com challenges.cloudflare.com; connect-src 'self' *.hotjar.com wss://*.hotjar.com *.hotjar.io www.googletagmanager.com *.googleapis.com *.stripe.com maps.googleapis.com maps.google.com fonts.googleapis.com fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.facebook.com connect.facebook.net https://tr.snapchat.com challenges.cloudflare.com cloudflareinsights.com vitals.vercel-insights.com about: data:; script-src 'self' 'unsafe-inline' ajax.cloudflare.com static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://*.firebaseio.com https://*.firebaseio.com https://maps.googleapis.com https://maps.google.com https://apis.google.com https://www.googleanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleoptimize.com 
https://optimize.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://sc-static.net https://tr.snapchat.com cdn.vercel-insights.com challenges.cloudflare.com ; img-src 'self' *.hotjar.com www.googletagmanager.com *.stripe.com *.googleapis.com analytics.google.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com fonts.gstatic.com https://ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com https://optimize.google.com https://googleads.g.doubleclick.net www.google.com www.google.co.in *.facebook.com *.facebook.net *.fbcdn.net *.snapchat.com data:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
1 header
Accept-Ranges
Performance
bytes
Caching Headers
4 headers
Age
Caching
1261764
Cache-Control
Caching
public, max-age=0, must-revalidate
Etag
Caching
"b3a387438b61cf290cbbf3d8ee9fcf12"
Last-Modified
Caching
Tue, 11 Nov 2025 12:42:54 GMT
Content Headers
3 headers
Content-Disposition
Content
inline
Content-Length
Content
61938
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
Vercel
CORS Headers
1 header
Access-Control-Allow-Origin
CORS
*
Cookies Headers
0 headers
No cookie headers found
Other Headers
5 headers
Date
Other
Wed, 26 Nov 2025 03:12:19 GMT
X-Dns-Prefetch-Control
Other
on
X-Matched-Path
Other
/
X-Vercel-Cache
Other
HIT
X-Vercel-Id
Other
iad1::q9c6w-1764126739084-eebb245236cb
Recommendations
- Enable compression (gzip/brotli) to improve performance
Analysis completed in 137ms