Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Present
ALLOW-FROM https://builder.io
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Significantly strengthen CSP directives
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
max-age=570189
Expires
Caching
Thu, 27 Nov 2025 19:26:59 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Content-Security-Policy-Report-Only
Other
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline'; connect-src cdn.builder.codes *.builder.io *.schneider-electric.com *.se.com glue.pes-stg.cloud.spryker.toys service.force.com *.apc.com nebula-cdn.kampyle.com ubt-eu.kampyle.com sbt-prod.kampyle.com udc-neb.kampyle.com *.ariba.com *.amazonaws.com twitter.com zinfi.net firebaselogging-pa.googleapis.com firebaseremoteconfig.googleapis.com firebaseinstallations.googleapis.com resources.digital-cloud.medallia.eu/ partnerassessment.secure.force.com se.my.salesforce.com se.my.salesforce-sites.com *.salesforceliveagent.com *.squared.com/* *.onetrust.com seadvantage.force.com:443/ seadvantage.my.site.com:443/ seadvantage.my.site.com/* *.pendo.io tag.commander1.com www.google-analytics.com *.google.com salesforce.com salesforceliveagent.com documentforce.com kampyle.com force.com cookielaw.org unpkg.com cdn.jsdelivr.net *.demandbase.com twimg.com *.twimg.com *.youtube.com *.zinfi.net *.google.ru akstat.io *.go-mpulse.net/* microsoft.com *.clipsal.com/* cdn.cookielaw.org maxcdn.bootstrapcdn.com *.dynatrace.com *.kampyle.com *.google-analytics.com *.amazoncognito.com *.doubleclick.net googlemaps.github.io *.googlemaps.github.io/* maps.googleapis.com *.googleapis.com *.zscaler.net static.lightning.force.com www.apc.com api.company-target.com js-cdn.dynatrace.com c.go-mpulse.net *.akstat.io *.applanga.com 'self' *.akstat.io/ *.d2osz8slymlqdp.cloudfront.net *.google.com.sa *.google.by su.symexbelgium.com d2osz8slymlqdp.cloudfront.net d2cbq57joo8non.cloudfront.net wss://*.execute-api.us-east-1.amazonaws.com wss://*.iot.us-east-1.amazonaws.com wss://4g5de7bcl4.execute-api.us-east-1.amazonaws.com wss://545sekhka2.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://fjwji5pjgbbzzp2xmyispmyo6u.appsync-realtime-api.us-east-1.amazonaws.com wss://ixbskdr5a5bnbhl3qtwi5nhslu.appsync-realtime-api.us-east-1.amazonaws.com wss://qjye63smz5ggbb33xs4rn6hoiq.appsync-realtime-api.us-east-1.amazonaws.com wss://tu43ymv7pc.execute-api.us-east-1.amazonaws.com wss://0jyqaecg5j.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://xbezullc75gyffaqf3npo2pavi.appsync-realtime-api.us-east-1.amazonaws.com; report-uri https://semyschneiderweb.report-uri.com/r/t/csp/reportOnly; script-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline' 'nonce-KYRNUm7VrU9T64Hb2RZNBA=='
Date
Other
Fri, 21 Nov 2025 05:03:50 GMT
Server-Timing
Other
ak_p; desc="1763701430270_389287725_57608859_783_6945_3_0_-";dur=1
X-Akamai-Transformed
Other
9 - 0 pmb=mRUM,3
X-Amz-Cf-Id
Other
u5hLipl-XLgTa18U402myWUaM5hC2kZbgPbwhe2qpiV7EyB4Rxt0JQ==
X-Amz-Cf-Pop
Other
IAD61-P3
X-Robots-Tag
Other
index, follow
X-Sveltekit-Page
Other
true
X-Ua-Compatible
Other
IE=edge,chrome=1
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 255ms