HTTP Headers Analysis for https://parent.skool.sg

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; style-src; script-src; +10 more

default-src 'self' https://*.skool.sg https://*.myfirstskool.com https://*.littleskoolhouse.com https://*.amazonaws.com https://*.cloudfront.com https://*.cloudfront.net https://sn-image-service-dot-tcc-sn-dev.appspot.com https://*.go-mpulse.net https://*.google.com https://*.googleapis.com https://*.freshchat.com https://*.google-analytics.com https://*.googletagmanager.com stats.g.doubleclick.net ws: wss:; style-src https://*.freshdesk.com https://*.freshworks.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://wchat.freshchat.com https://sn2-care-journal-stg.web.app https://sn2-whiteboard-stg.web.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.go-mpulse.net https://polyfill-fastly.io https://maps.googleapis.com https://wchat.freshchat.com https://www.google-analytics.com https://www.googletagmanager.com stats.g.doubleclick.net; object-src blob: 'self' *.amazonaws.com *.cloudfront.com *.cloudfront.net https://sn-image-service-dot-tcc-sn-dev.appspot.com *.skool.sg *.myfirstskool.com *.littleskoolhouse.com; img-src * 'self' data: *.amazonaws.com *.cloudfront.com *.cloudfront.net https://sn-image-service-dot-tcc-sn-dev.appspot.com *.skool.sg *.myfirstskool.com *.littleskoolhouse.com https://akstat.io; font-src * data: blob: fonts.googleapis.com fonts.gstatic.com; frame-ancestors https://www.parent.skool.sg https://parent.skool.sg https://www.parent.skooluat.sg https://parent.skooluat.sg https://www.myfirstskool.com https://myfirstskool.com; frame-src https://www.googletagmanager.com *.freshchat.com *.google.com blob: 'self' *.amazonaws.com *.cloudfront.com *.cloudfront.net https://sn-image-service-dot-tcc-sn-dev.appspot.com *.skool.sg *.myfirstskool.com *.littleskoolhouse.com https://sn2-care-journal-stg.web.app https://preprod-auth.ntuclink.com.sg; worker-src 'self' blob:; script-src-elem https://*.freshdesk.com https://*.freshworks.com 'self' 'unsafe-inline' blob: https://polyfill-fastly.io https://maps.googleapis.com https://wchat.freshchat.com https://www.google-analytics.com https://*.go-mpulse.net https://sn2-whiteboard-stg.web.app https://sn2-care-journal-stg.web.app https://sn2-care-journal-dev.web.app; form-action 'self' https://*.skool.sg https://*.myfirstskool.com https://*.littleskoolhouse.com https://preprod-auth.ntuclink.com.sg; base-uri 'self'; connect-src 'self' https://preprod-auth.ntuclink.com.sg https://*.akstat.io https://*.freshdesk.com https://*.freshworks.com 'self' https://*.skool.sg https://*.myfirstskool.com https://*.littleskoolhouse.com https://sn2-care-journal-stg.web.app https://sn2-whiteboard-stg.web.app https://*.amazonaws.com https://*.cloudfront.com https://*.cloudfront.net https://sn-image-service-dot-tcc-sn-dev.appspot.com https://*.go-mpulse.net https://*.google.com https://*.googleapis.com https://*.freshchat.com https://*.google-analytics.com https://*.googletagmanager.com stats.g.doubleclick.net https://*.split.io https://cloudflare-dns.com https://*.datadoghq.eu https://logs.browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu ws: wss:;

X-Frame-Options

Present

ALLOW-FROM https://parent.skool.sg; DENY; SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

x-fh-requested-host

Caching Headers

5 headers

Cache-Control

Caching

max-age=0, no-cache, no-store

Etag

Caching

"2b5f85a13db31542d3bf86aaadb0ff3fc891a2dedad8bafdcf8df3f4033966e8"

Expires

Caching

Mon, 26 Jan 2026 03:31:34 GMT

Last-Modified

Caching

Thu, 15 Jan 2026 04:47:14 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

5506

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Date

Other

Mon, 26 Jan 2026 03:31:34 GMT

Feature-Policy

Other

geolocation 'none'

Server-Timing

Other

ak_p; desc="1769398293856_400320916_2148992832_40953_56842_0_46_-";dur=1

X-Akamai-Transformed

Other

9 661 0 pmb=mRUM,1

X-Cache-Hits

Other

0

X-Served-By

Other

cache-sin-wsss1830070-SIN

X-Timer

Other

S1769398294.079261,VS0,VE74

Recommendations

Enable compression (gzip/brotli) to improve performance