Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; media-src; img-src; +3 more
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.awswaf.com https://*.survicate.com https://*.segment.com https://api.segment.io https://*.survicate.com https://*.survicate-cdn.com https://*.intercom.io wss://*.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://intercom-sheets.com https://*.intercomcdn.com https://static.intercomassets.com https://*.cookiebot.com https://*.google-analytics.com https://*.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://cdn.headwayapp.co https://headway-widget.net https://featuregates.org https://events.statsigapi.net https://statsigapi.net https://featureassets.org/v1/ https://prodregistryv2.org/v1/ https://rec.smartlook.com https://*.smartlook.cloud https://api.getvero.com https://d3qxef4rp70elm.cloudfront.net https://*.hs-scripts.com https://*.usemessages.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsforms.net https://*.hsleadflows.net https://*.hubspot.com https://www.googletagmanager.com https://www.google.com https://*.g.doubleclick.net https://td.doubleclick.net/ https://www.googleadservices.com https://api.cloudinary.com https://content.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://fonts.gstatic.com px.ads.linkedin.com *.recurly.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cardinaltrusted.com static.client.cardinaltrusted.com www.paypalobjects.com https://code.highcharts.com https://*.s3.eu-west-1.amazonaws.com;media-src https: data:;img-src https: data: blob:;frame-src *;form-action *; report-to csp-endpoint-panel;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Etag
Caching
"85ec9d55ba2cd385a39ab5a9b93918d2"
Last-Modified
Caching
Mon, 29 Dec 2025 09:38:55 GMT
Content Headers
2 headers
Content-Length
Content
1977
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
AmazonS3
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Date
Other
Fri, 02 Jan 2026 19:15:43 GMT
Report-To
Other
{ "group":"csp-endpoint-panel", "max_age":10886400, "endpoints": [{ "url":"https://panel-api.survicate.com/_/report_csp/panel" }] }
Via
Other
1.1 3525759642f1523427a2cbcea262ddba.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
gHTEN-S1nLMT6A9An54CbOrgMN3jZAeOCwjv0rzh-bFEyk_9jhCZbQ==
X-Amz-Cf-Pop
Other
IAD61-P6
X-Amz-Meta-Codebuild-Buildarn
Other
arn:aws:codebuild:eu-west-1:121050345386:build/production-panel-build-deployment:d72bca04-7d6f-4cdd-aa4c-d077f8ff94da
X-Amz-Meta-Codebuild-Content-Md5
Other
df2ddfa130d153204d3e914822dea886
X-Amz-Meta-Codebuild-Content-Sha256
Other
dff1c00a8f560039109cee314b7ec90150f62a74fb37ca625fab18fa7f5f6ae5
X-Amz-Server-Side-Encryption
Other
AES256
X-Cache
Other
Hit from cloudfront
X-Robots-Tag
Other
noindex
Recommendations
Enable compression (gzip/brotli) to improve performance