Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Good
default-src; base-uri; connect-src; +8 more
default-src 'self'; base-uri 'self'; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://*.fin.ai https://*.intercom-messenger.com wss://*.intercom-messenger.com https://*.intercom-chat.com wss://*.intercom-chat.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://*.onetrust.com; font-src data: https:; frame-ancestors 'self' https://intercomrades.support https://intercom.skilljar.com https://academy.fin.ai https://academy.intercom.com https://academy.guests.intercom.com https://app.intercom.com https://app.eu.intercom.com https://app.au.intercom.com https://intercomrades.intercom.com https://intercomrades.eu.intercom.com https://intercomrades.au.intercom.com https://fin.ai https://app.fin.ai https://app.eu.fin.ai https://app.au.fin.ai; frame-src 'self' https://platform.twitter.com https://staticxx.facebook.com https://fast.wistia.net https://fast.wistia.com https://www.useloom.com https://www.loom.com https://play.vidyard.com https://player.vimeo.com https://web.microsoftstream.com https://share.synthesia.io https://embed.app.guidde.com https://share.descript.com https://app.guideflow.com https://app.supademo.com https://supercut.ai https://demo.arcade.software https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://content.jwplatform.com https://cdn.jwplayer.com https://players.brightcove.net https://intercom-sheets.com https://www.intercom-reporting.com https://*.sharepoint.com https://www.googletagmanager.com; img-src data: blob: https: http:; media-src data: blob: https:; object-src 'self' https://static.intercomassets.com; script-src 'self' https://connect.facebook.net https://platform.twitter.com https://static.intercomassets.com https://googleadservices.com https://googletagmanager.com https://google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://cdn.cookielaw.org 'nonce-RXBTxSy/sQgpdH7do9sAe2/f4a0WavZSP1te9f4Fu14='; style-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com https://static.intercomassets.com https://static.intercomcdn.com https://marketing.intercomassets.com https://marketing.intercomcdn.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://static.intercomassets.eu https://static.au.intercomassets.com
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Sec-Fetch-Site,Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"c2155df977eda664aed99742126613fa"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.198050
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=iWDHap5kgNSlU_NMIb1xuW71FTbtxUZYxtIJ4Lnr9Kk-1769420049-1.0.1.1-7sB48ve3TWUYojV_9U1zcj5J8t_Ma96Dg7OWXMIWi_sj21A4v2jG822L5zx9nxKN0mHi3qvsK_XzBtHCl8Z2as8HIQQlbfZlkjAUArEVV.9U0PWFTk41G21VH7M9tzbF; path=/; expires=Mon, 26-Jan-26 10:04:09 GMT; domain=.chess.com; HttpOnly; Secure; SameSite=None
Other Headers
11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c3f034c9db7bacc-IAD
Date
Other
Mon, 26 Jan 2026 09:34:09 GMT
Nel
Other
{"success_fraction":1,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=766OTOYH72o1QE%2FwRvaqd9Mii74vRDLnNkhcXQnQblLxIoZ6h1SActINW3Ci5avogpkJTFqrnjVQUKXqQTRAszzxf56kXdCD9cau8sGwT2qMW2FAQvWu08CCR7ygkpsJ7gDe"}],"group":"cf-nel","max_age":604800}
Status
Other
200 OK
X-Ami-Version
Other
ami-0dba7faab25715aa2
X-Intercom-Version
Other
ea6af44e4850d72f2e2627eeda8fc713511b87a2
X-Request-Id
Other
00005b4dq9oqi2fhnj10
X-Request-Queueing
Other
0
Recommendations
Enable compression (gzip/brotli) to improve performance