Open
Cached
·
just now
33
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
default-src 'self' data: https://static.parkingcupid.com https://auth.parkingcupid.com https://www.parkingmadeeasy.com.au https://*.clarity.ms https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.stripe.com https://checkout.stripe.com https://connect.facebook.net https://*.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.parkingcupid.com https://auth.parkingcupid.com https://gtm.parkingcupid.com https://bat.bing.com https://*.clarity.ms https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.stripe.com https://checkout.stripe.com https://js.stripe.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.facebook.net https://js-agent.newrelic.com https://*.newrelic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googleapis.com https://cdnjs.cloudflare.com https://bat.bing.com; img-src 'self' data: https: blob:; font-src 'self' data: https://fonts.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' data: blob: https://static.parkingcupid.com https://auth.parkingcupid.com https://www.parkingmadeeasy.com.au https://*.clarity.ms https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.google.ca https://*.google.co.uk https://api.stripe.com https://static.cloudflareinsights.com https://js-agent.newrelic.com https://bam.nr-data.net https://gtm.parkingcupid.com https://o4510538062102528.ingest.us.sentry.io https://cloudflareinsights.com https://www.facebook.com; frame-src 'self' data: https://auth.parkingcupid.com https://www.youtube.com https://apis.google.com https://js.stripe.com https://checkout.stripe.com https://connect.facebook.net https://bat.bing.com https://gtm.parkingcupid.com; media-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self'; worker-src 'self' blob: https://static.parkingcupid.com https://auth.parkingcupid.com https://gtm.parkingcupid.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.com https://*.facebook.com https://www.facebook.com; upgrade-insecure-requests;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(self),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=(*)
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Cookie,Accept-Encoding
Caching Headers
4 headers
Age
Caching
3966
Cache-Control
Caching
max-age=7200, must-revalidate
Expires
Caching
Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified
Caching
Wed, 31 Dec 2025 02:54:51 GMT
Content Headers
2 headers
Content-Language
Content
en
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
4 headers
Access-Control-Allow-Credentials
Cors
true
Access-Control-Allow-Headers
Cors
Content-Type, Authorization
Access-Control-Allow-Methods
Cors
GET, POST, OPTIONS
Access-Control-Allow-Origin
Cors
*.parkingcupid.com
Cookies Headers
0 headers
No cookies headers found
Other Headers
12 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
9b66df77d940d6c4-IAD
Date
Other
Wed, 31 Dec 2025 04:00:57 GMT
Link
Other
<https://www.parkingcupid.com/>; rel="shortlink",<Daniel Battaglia>; rel="author",<https://www.parkingcupid.com/favicon.ico>; rel="shortcut icon",<https://www.parkingcupid.com/favicon-16x16.png>; rel="icon_16x16",<https://www.parkingcupid.com/favicon-16x16.png>; rel="icon_32x32",<https://www.parkingcupid.com/favicon-192x192.png>; rel="icon_192x192",<https://www.parkingcupid.com/apple-touch-icon.png>; rel="apple-touch-icon_180x180",<https://www.parkingcupid.com/apple-touch-icon.png>; rel="apple-touch-icon-precomposed_180x180", <https://static.parkingcupid.com>; rel=preconnect; crossorigin, <https://auth.parkingcupid.com>; rel=preconnect, <https://www.gstatic.com>; rel=preconnect
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=sivUHzW%2FbsbgyTNR1kZOJH9aCRg94HHEdCeHCQwv6sPsrqt%2FFzmcDiHkL%2FcWXMt1PNDU4e44x3dCZ0jIZPGa3rW0%2BPQy9PzdL68D6QbMfDBHOOo%3D"}]}
Speculation-Rules
Other
"/cdn-cgi/speculation"
X-Content-Security-Policy
Other
base-uri 'self';
X-Drupal-Cache
Other
MISS
X-Generator
Other
Parking Cupid (https://www.parkingcupid.com)
X-Ua-Compatible
Other
IE=edge
Recommendations
Enable compression (gzip/brotli) to improve performance