22 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; style-src; script-src; +11 more
default-src 'self' https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com; style-src 'self' 'unsafe-inline' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.googleapis.com vitals.vercel-insights.com https://*.hs-scripts.com https://*.hsforms.net https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com http://*.marketo.com https://*.marketo.com https://*.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai https://*.sentry.io https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com vitals.vercel-insights.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.jquery.com https://*.hs-scripts.com https://*.hsforms.net netlify-cdp-loader.netlify.app http://*.marketo.com https://*.marketo.com https://www.redditstatic.com https://js.zi-scripts.com https://diligent.widget.insent.ai https://*.netlify.app https://cdn.bizible.com https://*.rudderlabs.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://j.6sc.co https://ct.capterra.com https://munchkin.marketo.net https://*.googlesyndication.com https://*.chilipiper.com https://*.crazyegg.com https://*.doubleclick.net https://*.cookiebot.com https://cdn.optimizely.com https://cdn3.optimizely.com 
https://app.optimizely.com https://*.optimizely.com https://js.qualified.com; connect-src 'self' https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://*.zoominfo.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://api.rudderstack.com https://px.ads.linkedin.com https://*.mktoresp.com http://*.mktoresp.com https://*.dataplane.rudderstack.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.chilipiper.com https://*.rudderlabs.com https://*.crazyegg.com https://*.google.com https://*.doubleclick.net https://*.cookiebot.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com wss://*.qualified.com https://bat.bing.com; font-src 'self' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.gstatic.com https://*.hs-scripts.com https://*.hsforms.net data: https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app; frame-src 'self' https://diligent.com https://*.diligent.com lastrev.com forms.hsforms.com https://play.vidyard.com https://*.theanswer.ai https://*.flowise.theanswer.ai https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.marketo.com https://diligent.widget.insent.ai https://*.netlify.app https://*.chilipiper.com https://*.fls.doubleclick.net https://www.facebook.com https://*.facebook.com https://*.cookiebot.com https://*.optimizely.com https://*.cdn.optimizely.com 
https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.qualified.com https://*.navattic.com; img-src * data: https://diligent.com https://*.diligent.com https://*.googletagmanager.com https://*.ctfassets.net https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app https://*.qualified.com; media-src * data:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.facebook.com; frame-ancestors 'self' https://lastrev.com https://lr-live-editor.netlify.app https://*.theanswer.ai https://*.flowise.theanswer.ai http://localhost:3333 https://localhost:3333 https://*.sanity.studio https://*.sanity.io https://*.netlify.app https://diligent.com https://*.diligent.com; block-all-mixed-content; upgrade-insecure-requests;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding
Caching Headers
3 headers
Age
Caching
86766
Cache-Control
Caching
public,max-age=0,must-revalidate
Etag
Caching
W/"k136pjaw198kdn-df"
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Netlify
X-Powered-By
Server
Next.js
CORS Headers
3 headers
Access-Control-Allow-Headers
Cors
Content-Type, Authorization, X-Requested-With
Access-Control-Allow-Methods
Cors
GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age
Cors
86400
Cookies Headers
1 header
Set-Cookie
Cookies
COUNTRY=US; Secure; HttpOnly; Path=/
Other Headers
4 headers
Cache-Status
Other
"Netlify Edge"; hit, "Netlify Edge"; hit;detail=p1, "Netlify Edge"; fwd=miss;detail=p1
Date
Other
Sat, 17 Jan 2026 18:53:39 GMT
Netlify-Vary
Other
header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc|accept-encoding,cookie=__prerender_bypass|__next_preview_data,query
X-Nf-Request-Id
Other
01KF6MWKGBV9P7XKRH25VCDSXA
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology