Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; img-src; +4 more
default-src 'self' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; img-src data: * blob:; font-src 'self' data: fonts.cdnfonts.com; media-src 'self' blob: *.storyblok.com *.mux.com; style-src 'self' 'unsafe-inline' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; frame-ancestors 'self' https://app.storyblok.com/ https://app.markup.io/;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
Same-origin
Permissions-Policy
Present
browsing-topics=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc,next-router-state-tree,next-router-prefetch,next-router-segment-prefetch,Accept-Encoding
Caching Headers
2 headers
Age
Caching
4
Cache-Control
Caching
private,no-cache,no-store,max-age=0,must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Netlify
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
NEXT_LOCALE=en; Path=/; Expires=Mon, 12 Jan 2026 18:18:11 GMT; Max-Age=2592000; SameSite=lax
Other Headers
6 headers
Cache-Status
Other
"Netlify Durable"; fwd=bypass, "Netlify Edge"; fwd=miss;detail=p1
Date
Other
Sat, 13 Dec 2025 18:18:14 GMT
Link
Other
</_next/static/media/048df9d641c92b20-s.p.woff>; rel=preload; as="font"; crossorigin=""; type="font/woff", </_next/static/media/6f95356c3476a178-s.p.woff>; rel=preload; as="font"; crossorigin=""; type="font/woff"
Netlify-Vary
Other
query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc|accept-encoding,cookie=__prerender_bypass|__next_preview_data
X-Middleware-Rewrite
Other
/en
X-Nf-Request-Id
Other
01KCCEYGKAZCNZD9X20FQ93ARA
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 2908ms