22 Headers

HTTP Security Headers

Header | Status | Value
Strict-Transport-Security | Excellent | max-age=31536000; includeSubDomains; preload
Content-Security-Policy | Weak | frame-ancestors
X-Frame-Options | Good | SAMEORIGIN
X-Content-Type-Options | Good | nosniff
Referrer-Policy | Good | strict-origin-when-cross-origin
Permissions-Policy | Missing | Not configured

Recommendations
  • Significantly strengthen CSP directives
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Header | Category | Value
Connection | Performance | close
Transfer-Encoding | Performance | chunked
Vary | Performance | Origin

Caching Headers

1 header

Header | Category | Value
Cache-Control | Caching | max-age=30, public, must-revalidate

Content Headers

1 header

Header | Category | Value
Content-Type | Content | text/html; charset=utf-8

Server Headers

2 headers

Header | Category | Value
Server | Server | cloudflare
X-Runtime | Server | 0.417484

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 header

Header | Category | Value
Set-Cookie | Cookies | __cf_bm=hNdCh2nItGQqwP2j.irCdFExM3UQeQzEZI_26eo6fdI-1767399998-1.0.1.1-6VOvdD6on2Q6SI_AuElYxnBNoU8QCRjPlqPRFIvwdFxRuysYL5io5gaZVczYy_EDmG7I4xeK0Qu6lkhrg4f3_4ISCP.uKxzCDUc5mUkllvo; path=/; expires=Sat, 03-Jan-26 00:56:38 GMT; domain=.status.anyscale.com; HttpOnly; Secure; SameSite=None

Other Headers

8 headers

Header | Category | Value
Alt-Svc | Other | h3=":443"; ma=86400
Cf-Cache-Status | Other | DYNAMIC
Cf-Ray | Other | 9b7e5da3f91a3b0e-IAD
Content-Security-Policy-Report-Only | Other | default-src 'none'; base-uri 'self'; child-src 'self' https:; connect-src 'self' https: https://*.usepylon.com wss://*.pusher.com wss://*.collab.tiptap.cloud; font-src 'self' https: data: https://*.usepylon.com; form-action 'self' https:; frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.datadoghq.com; frame-src 'self' https:; img-src 'self' https: data: blob: https://*.usepylon.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d3vl36l12sfx26.cloudfront.net; manifest-src 'self'; media-src 'self' https: data:; script-src 'self' https: https://widget.usepylon.com unpkg.com cdn.tailwindcss.com www.googletagmanager.com *.rootly.com cdn.jsdelivr.net *.rootly.net.cn api.segment.io cdn.segment.com 'nonce-dq21dNDFKMA5pE+/RrP/2g=='; script-src-elem www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' https://*.usepylon.com; worker-src 'self' https:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcc1b8f1c2f10afdc6b082eb2129d0b40&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=environment:production&service:external-sp-rootly
Date | Other | Sat, 03 Jan 2026 00:26:38 GMT
Link | Other | </assets/application-3bd6ec6afb3d0b76f80ab6b155db84e2e8b1b68adbf1025711f9222105f3f1de.css>; rel=preload; as=style; nopush,</assets/tailwind-5079ccfcb112bf1dd9ea5f10afff66f6c0adf8168940d9ae62bbfbd668e60cf3.css>; rel=preload; as=style; nopush
X-Permitted-Cross-Domain-Policies | Other | none
X-Request-Id | Other | c79af444-0807-4e62-912b-33977b42432d

Recommendations

Enable compression (gzip/brotli) to improve performance