Open
Cached
·
3h ago
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
upgrade-insecure-requests; script-src; child-src; +10 more
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.alejo.com https://*.fracttal.com https://*.totango.com https://aistudio.fracttal.com https://ajax.cloudflare.com https://app.getbeamer.com https://app.intercom.io https://*.customer.io https://code.gist.build https://cdn.segment.com https://cdn.socket.io https://cdn.socket.io https://chatdev.fracttal.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-fs.s3.eu-west-3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsforms.net https://js.intercomcdn.com https://js.intercomcdn.com https://maps.google.com https://maps.googleapis.com https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://mng.fracttal.com https://mngdev.fracttal.com https://pod-13-sunco-ws.zendesk.com https://pod-13.zendesk.com https://sonar-community.fracttal.com https://sonar.dev.fracttal.com https://sonar.dev.fracttal.com https://static.cloudflareinsights.com https://static.getbeamer.com https://static.zdassets.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://widget.intercom.io wss://pod-13-sunco-ws.zendesk.com; child-src https://intercom-sheets.com https://fast.wistia.net https://intercom-sheets.com https://player.vimeo.com https://www.intercom-reporting.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.fracttal.com https://aistudio.fracttal.com https://app.getbeamer.com https://app.getbeamer.com https://cdn.segment.com https://chatdev.fracttal.com https://fonts.googleapis.com https://openlayers.org https://static.intercomassets.com; img-src 'self' 'unsafe-inline' blob: data: https://*.fracttal.com https://*.ggpht.com https://*.googleapis.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments-9.com https://*.customer.io https://*.totango.com https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://downloads.intercomcdn.com https://flagcdn.com https://forms.hsforms.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://fracttales.zendesk.com https://gifs.intercomcdn.com https://js.intercomcdn.com https://maps.google.com https://maps.gstatic.com https://messenger-apps.intercom.io https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://p13.zdusercontent.com https://static.getbeamer.com https://static.intercomassets.com https://static.zdassets.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://track.hubspot.com https://uploads.intercomusercontent.com https://avatars.githubusercontent.com https://user-images.githubusercontent.com https://v2assets.zopim.io https://video-messages.intercomcdn.com https://www.gravatar.com https://www.gstatic.com; media-src https://js.intercomcdn.com; font-src 'self' data: http://fonts.intercomcdn.com https://*.fracttal.com https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com; form-action https://intercom.help http://*.internal.fracttal.com https://*.fracttal.com https://api-iam.intercom.io https://app.getbeamer.com; default-src 'self' blob:; connect-src 'self' blob: data: https://*.fracttal.com https://aistudio.fracttal.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.segment.io https://assets1.lottiefiles.com https://assets3.lottiefiles.com https://*.cloud.gist.build https://*.getbeamer.com https://cdn.segment.com https://chatdev.fracttal.com https://dev-ccmha47qgmagop4f.us.auth0.com https://ekr.zdassets.com https://forms.hubspot.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-ai-dev.s3.amazonaws.com https://fracttal-community-paris.s3.amazonaws.com https://fracttal-community-paris.s3.amazonaws.com https://fracttal-community-paris.s3.eu-west-3.amazonaws.com https://fracttal-community.s3.amazonaws.com https://fracttal-community.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3-paris.s3.eu-west-3.amazonaws.com https://fracttal-deploy-s3.s3.us-east-1.amazonaws.com https://fracttal-dev-paris.s3.eu-west-3.amazonaws.com https://fracttal-dev.s3.amazonaws.com https://fracttal-fs-paris.s3.amazonaws.com https://fracttal-fs-paris.s3.eu-west-3.amazonaws.com https://fracttal-fs.s3.amazonaws.com https://fracttal-paris-fs.s3.eu-west-3.amazonaws.com https://fracttal.eu.auth0.com https://fracttales.zendesk.com https://maps.google.com https://maps.googleapis.com https://mng-ui-prod.s3.amazonaws.com https://mng-ui-prod.s3.eu-west-3.amazonaws.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pod-13-sunco-ws.zendesk.com https://pod-13.zendesk.com https://roads.googleapis.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai-paris.s3.eu-west-3.amazonaws.com https://tonybot-ai.s3.us-east-1.amazonaws.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://zendesk-eu.my.sentry.io wss://dev.fracttal.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://one.fracttal.com wss://pod-13-sunco-ws.zendesk.com wss://pod-13.zendesk.com; worker-src 'self' blob: *.fracttal.com; frame-src 'self' https://*.fracttal.com https://*.intercom.io https://371psd0fr0zk.statuspage.io https://aistudio.fracttal.com https://app.getbeamer.com https://chatdev.fracttal.com https://intercom-sheets.com https://maps.google.com https://maps.googleapis.com https://push.getbeamer.com https://view.officeapps.live.com https://www.intercom-reporting.com/; frame-ancestors 'self' https://one.fracttal.com https://app.fracttal.com https://develop.fracttal.com https://*.dev.fracttal.com https://*.fracttal.com https://chat.fracttal.com https://chatdev.fracttal.com https://aistudiodev.fracttal.com https://aistudio.fracttal.com capacitor://localhost http://localhost
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
geolocation=(self), camera=(self "https://chatdev.fracttal.com"), fullscreen=(*), microphone=(self "https://chatdev.fracttal.com"), clipboard-read=(self "https://chatdev.fracttal.com"), clipboard-write=(self "https://chatdev.fracttal.com")
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
accept-encoding
Caching Headers
1 headers
Cache-Control
Caching
max-age=0
Content Headers
1 headers
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=XL_yXPNVIUI0Cuh5GkSKGX3G_mZt2sIYn9pCC4sx4vI-1770781594.6935623-1.0.1.1-n2rJKCLbLtBWeyYc4MhVr1Oxl3ALK.G48sB9KwIpaxkxt3uZT2hY6bfYFt3aFISu0WF.M6RfSsKEbPVbYkWVjrVqbfaeOV1qdnHqpBcwMZZ_GoZqEtqNQMJwEaMhPlVD; HttpOnly; Secure; Path=/; Domain=fracttal.com; Expires=Wed, 11 Feb 2026 04:16:34 GMT
Other Headers
7 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9cc0dc26df673879-IAD
Date
Other
Wed, 11 Feb 2026 03:46:34 GMT
Server-Timing
Other
cfEdge;dur=27,cfOrigin;dur=248
Speculation-Rules
Other
"/cdn-cgi/speculation"
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance