22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains;
Content-Security-Policy
Basic
base-uri 'none'; default-src 'self' https: *.ometria.com ometria.cmsassets.com *.prismic.io *.6sense.com *.typeform.com *.youtube.com https://youtu.be youtube.com *.youtube-nocookie.com *.hubspot.com *.geoplugin.net ometria.workable.com *.hotjar.com player.vimeo.com cookie-cdn.cookiepro.com www.google.com www.google.co.uk w3.org; connect-src 'self' https: ws: ometria.cmsassets.com ometria.cdn.prismic.io cookie-cdn.cookiepro.com *.analytics.google.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sense.com *.adroll.com *.ads.linkedin.com *.hubapi.com *.hubspot.com *.hsforms.com api.hsforms.com js.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.hotjar.io *.6sc.co *.hotjar.com secure.adnxs.com geolocation.onetrust.com c.6sc.co ib.adnxs.com cookiepro.blob.core.windows.net; font-src 'self' https: data:; form-action 'self' forms.hsforms.com api.hsforms.com; frame-ancestors 'self' ometria.prismic.io; frame-src 'self' ometria.prismic.io youtu.be youtube.com *.youtube-nocookie.com *.youtube.com *.hsforms.net *.hsforms.com *.google.com *.googletagmanager.com td.doubleclick.net; img-src 'self' data: blob: ometria.cmsassets.com ometria.cdn.prismic.io *.prismic.io *.cookiepro.com *.hsforms.net *.hsforms.com track.hubspot.com px.ads.linkedin.com *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net ssl.gstatic.com www.gstatic.com www.facebook.com; manifest-src 'self'; media-src 'self' ometria.cmsassets.com ometria.cdn.prismic.io; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-HsCy3bDoO3k+dTa0TAlDLA==' *.prismic.io *.hsforms.net *.hsforms.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com cookie-cdn.cookiepro.com *.typeform.com *.facebook.net www.googleadservices.com 
googleads.g.doubleclick.net www.google.com www.google.co.uk *.googletagmanager.com tagmanager.google.com www.gstatic.com www.google-analytics.com secure.easy7bear.com s.adroll.com *.hotjar.com d.adroll.com j.6sc.co snap.licdn.com; upgrade-insecure-requests; worker-src 'self'; child-src 'self' *.hsforms.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Present
accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
0 headers
No caching headers found
Content Headers
2 headers
Content-Length
Content
1021989
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
2 headers
Access-Control-Allow-Methods
Cors
GET, OPTIONS
Access-Control-Allow-Origin
Cors
https://staging.ometria.com
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Mon, 01 Dec 2025 12:58:53 GMT
Origin-Agent-Cluster
Other
?1
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Robots-Tag
Other
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 905ms