Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; child-src; connect-src; +8 more
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly help.gumroad.com gumroad.com wss://cable.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com connect-js.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com help.gumroad.com unpkg.com/@lottiefiles/lottie-player@latest/ gumroad.com assets.gumroad.com 'nonce-9ow8wNyTzO4HaAeaOQ+M5dK7ebCbaE1n1Nihl5eGRq0=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin
Caching Headers
1 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.117276
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_gumroad_app_session=tEnhr%2BFuNRmaO%2BesoAC4Kf%2BcTEiJ3sGfYCNk7UIgwiwqVfMHWrbw%2F40ub4Orln%2FOqHxT2E92uB1AjBH%2BQJ8cvnxMMw5HenQJzaq4U%2BpJ3tjfvq586r02MCdzcgeLHWCOkJ56Fwfs8K0FmwlV4n3u%2By%2B364YWemPCeMeDxTEGj4wvPN9gFu82lTHhFkQbPA6hJ5PbCP4G0XIFtZLorGT%2FSVgxrdiaSnLMzAodYdesrh3KKbzrnhz0v3wAV%2FfROjBza9QJ4lMtYngHId2erHIqQ94Z9xpjcs3781yLTeBnqiVkvpXQjCJ9K15%2FwM6x5UQ%2B7tl7vZpXu3p4TVIjXbFxNxM6wPq4rHWCWG376g%2BGxci3bPwLvOr5%2BHBSHOP3TQ%3D%3D--zil53%2FoOyppLapaW--Mmah6qlsfHACEZR%2BmGqydw%3D%3D; domain=gumroad.com; path=/; expires=Thu, 01 Jan 2026 05:38:08 GMT; secure; httponly; samesite=lax
Other Headers
11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9a703c9048b68260-IAD
Date
Other
Mon, 01 Dec 2025 05:38:08 GMT
Link
Other
<https://assets.gumroad.com/packs/css/design-51eede59.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Gr
Other
PROD
X-Original-Headers-Class
Other
Rack::Headers
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
90854f9d-ffcf-4f9d-8460-0e4a97b3f581
X-Revision
Other
a8bc3d1718a3
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 438ms