Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15724800; includeSubDomains
Content-Security-Policy
Weak
object-src; frame-src; font-src; +1 more
object-src *; frame-src 'self' blob: gtm.spafinder.com gleam.io ep2.adtrafficquality.google *.googleadservices.com nytrng.com form.typeform.com *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net geo.captcha-delivery.com *.niceincontact.com; font-src 'self' * data:; connect-src *;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Consider adding Permissions-Policy to control browser features
Performance Headers
4 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
x-fh-requested-host, accept-encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=3600
Etag
Caching
"3ce028e783aab488436cd0675753468e6bbc662d1d70edee1f787e7676ecd943"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Date
Other
Mon, 12 Jan 2026 00:48:24 GMT
X-Cache
Other
HIT
X-Cache-Hits
Other
1
X-Content-Type
Other
nosniff
X-Frontend
Other
wordpress-spafinder-7c575954-2lvp4
X-Permitted-Cross-Domain-Policies
Other
master-only
X-Served-By
Other
cache-dfw-kdfw8210131-DFW
X-Timer
Other
S1768178905.505561,VS0,VE1
Recommendations
Enable compression (gzip/brotli) to improve performance