Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; base-uri; frame-ancestors; +9 more
default-src 'self';base-uri 'self';frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.paddle.com https://app.lemonsqueezy.com https://assets.lemonsqueezy.com https://lmsqueezy.com https://widget.intercom.io https://js.intercomcdn.com https://unpkg.com https://scripts.simpleanalyticscdn.com https://public.profitwell.com https://static.ads-twitter.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.zigpoll.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.paddle.com https://use.typekit.net https://p.typekit.net https://cdn.zigpoll.com;font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.intercomcdn.com https://use.typekit.net https://cdn.zigpoll.com data:;img-src 'self' data: https: blob:;connect-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://www.google.com https://*.google.com https://*.google.fr https://*.google.de https://*.google.co.uk https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www2.profitwell.com https://api-iam.intercom.io https://uploads.intercomcdn.com https://www.facebook.com https://*.facebook.com https://static.ads-twitter.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://*.twitter.com https://api.zigpoll.com https://cdn.paddle.com https://scripts.simpleanalyticscdn.com https://app.loops.so wss: ws:;frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.facebook.com https://buy.paddle.com https://sandbox-buy.paddle.com https://www.youtube.com https://youtube.com;worker-src 'self' blob:;object-src 'self' https://cdn.jsdelivr.net;media-src 'self' blob: data:
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=gKrX9_WlhzUb0BsfqJJRTfq7btwgfBzNmWtyyTMFwYc-1770252388-1.0.1.1-11qA8uOgZJRkYDuErYZuc6TxTx7kRk3SZPcei27I20gG_Mqi5kG2DQnfIjXrzr3Kvwv..2wCokp4tc1EKcaUZ2wqcBG1Pig7uQ6PvznnIHk; path=/; expires=Thu, 05-Feb-26 01:16:28 GMT; domain=.pixfort.com; HttpOnly; Secure; SameSite=None
Other Headers
10 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
MISS
Cf-Ray
Other
9c8e6411dac472d4-IAD
Date
Other
Thu, 05 Feb 2026 00:46:28 GMT
Origin-Agent-Cluster
Other
?1
X-Dns-Prefetch-Control
Other
off
X-Do-App-Origin
Other
3c2be3e6-b90b-4ea9-be80-07f31d1677e1
X-Do-Orig-Status
Other
200
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance