Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15724800; includeSubDomains
Content-Security-Policy
Basic
frame-ancestors; block-all-mixed-content; default-src; +13 more
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://rum-agent.na-01.cloud.solarwinds.com https://*.sentry.io https://*.nr-data.net https://app.intercom.io https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://cdn.lr-in-prod.com https://cdn.headwayapp.co https://cdnjs.cloudflare.com https://js.sentry-cdn.com https://js.userflow.com https://cdn.userflow.com https://js.getuserflow.com https://js-agent.newrelic.com https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://widget.intercom.io https://*.hsforms.net https://*.hsforms.com;style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com cdn.jsdelivr.net cdn.headwayapp.co cdn.userflow.com js.userflow.com cdnjs.cloudflare.com fonts.googleapis.com js.userflow.com;object-src 'none';frame-src 'self' headway-widget.net www.intercom-reporting.com https://*.hsforms.net https://*.hsforms.com;child-src 'self' fast.wistia.net intercom-sheets.com player.vimeo.com www.youtube.com www.intercom-reporting.com;img-src 'self' data: https: http: *.lr-in-prod.com *.squadcast.tech *.squadcast.xyz *.squadcast.com blob.userflow.com cdn.userflow.com js.userflow.com storage.googleapis.com/studio1-prod-blob/ *.intercomcdn.com *.intercom-cdn.com *.sentry.io;font-src 'self' data: *.bootstrapcdn.com *.intercomcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' data: https: http: wss: ws: *.cubecloudapp.dev cdn.userflow.com js.userflow.com e.userflow.com *.lr-in-prod.com *.squadcast.com *.squadcast.xyz *.squadcast.tech *.intercom.io *.nr-data.net *.sentry.io cdn.jsdelivr.net cdnjs.cloudflare.com e.userflow.com fonts.gstatic.com fonts.googleapis.com storage.googleapis.com sentry.io uploads.intercomusercontent.com uploads.intercomcdn.com https://rum-collector.na-01.cloud.solarwinds.com;manifest-src manifest-src 'self';base-uri 'self';form-action 'self' api-iam.intercom.io intercom.help https://*.hsforms.net https://*.hsforms.com;media-src 'self' blob: *.lr-in-prod.com js.intercomcdn.com blob.userflow.com cdn.userflow.com storage.googleapis.com/studio1-prod-blob/ *.squadcast.com *.squadcast.tech *.squadcast.xyz storage.googleapis.com ;worker-src 'self' blob:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
1 headers
Last-Modified
Caching
Wed, 04 Feb 2026 05:48:12 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c967c363fd00585-IAD
Date
Other
Fri, 06 Feb 2026 00:21:03 GMT
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=p%2FoZGH3NCIUoorFuamAOPx8N10c%2BCnCP0hjTqoIdr9AXZX%2BmptV2a8yHd%2BmL%2BKr40phbbK0Aznm2w%2Fg1LXqALXJ7SEM040GApmMLKvtVPPk%3D"}]}
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching