Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Accept-Ranges
bytes
Connection
close
accept-ranges: bytes connection: close
Caching Headers
Age
0
Cache-Control
public,max-age=0,must-revalidate
Etag
"75b3c54d948e9319adecdd37ae908f13-ssl"
age: 0 cache-control: public,max-age=0,must-revalidate etag: "75b3c54d948e9319adecdd37ae908f13-ssl"
Content Headers
Content-Length
3884
Content-Type
text/html; charset=UTF-8
content-length: 3884 content-type: text/html; charset=UTF-8
Server Headers
Server
Netlify
server: Netlify
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Cache-Status
"Netlify Edge"; fwd=miss
Context-Security-Policy-Report-Only
default-src 'self' 'unsafe-inline' https://*.pinecone.io; script-src 'report-sample' 'self' https://cdn.cr-relay.com/v1/site/02c279ff-caae-42dd-a103-e8a570d867a9/signals.js https://cdn.heapanalytics.com/js/heap-*.js https://js.stripe.com/v3 https://pinecone.us2app.churnzero.net/churnzero.js https://pocustrack.com/pocus.js https://script.hotjar.com/modules.*.js https://static.hotjar.com/c/hotjar-*.js https://status.pinecone.io/embed/script.js https://www.googleadservices.com/pagead/conversion/* https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://pinecone.us2app.churnzero.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.churnzero.net https://analytics.google.com https://api-ingest.pocustrack.com https://api.cr-relay.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://content.hotjar.io https://events.launchdarkly.com https://o375717.ingest.sentry.io https://pinecone.us2app.churnzero.net https://rum.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://vr8gru94.apicdn.sanity.io https://www.google.ca https://*.pinecone.io wss://ws.hotjar.com; font-src 'self' https://fonts.gstatic.com https://pinecone.*.churnzero.net; frame-src 'self' https://storage.googleapis.com/ https://619nm1q7y3ql.statuspage.io https://js.stripe.com https://td.doubleclick.net; img-src 'self' data: https://googleads.g.doubleclick.net https://heapanalytics.com https://www.google.ca; manifest-src 'self'; media-src 'self'; worker-src 'none'; require-trusted-types-for 'script'; report-to datadog-report;
Date
Wed, 06 May 2026 06:31:02 GMT
Reporting-Endpoints
datadog-report="https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcfe58d3eeb08a5493bcbeb778e002aca&dd-evp-origin=content-security-policy&ddsource=csp-report"
X-Nf-Request-Id
01KQXZQ5NHK9XN995AKRDVZZ4D
cache-status: "Netlify Edge"; fwd=miss context-security-policy-report-only: default-src 'self' 'unsafe-inline' https://*.pinecone.io; script-src 'report-sample' 'self' https://cdn.cr-relay.com/v1/site/02c279ff-caae-42dd-a103-e8a570d867a9/signals.js https://cdn.heapanalytics.com/js/heap-*.js https://js.stripe.com/v3 https://pinecone.us2app.churnzero.net/churnzero.js https://pocustrack.com/pocus.js https://script.hotjar.com/modules.*.js https://static.hotjar.com/c/hotjar-*.js https://status.pinecone.io/embed/script.js https://www.googleadservices.com/pagead/conversion/* https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://pinecone.us2app.churnzero.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.churnzero.net https://analytics.google.com https://api-ingest.pocustrack.com https://api.cr-relay.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://content.hotjar.io https://events.launchdarkly.com https://o375717.ingest.sentry.io https://pinecone.us2app.churnzero.net https://rum.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://vr8gru94.apicdn.sanity.io https://www.google.ca https://*.pinecone.io wss://ws.hotjar.com; font-src 'self' https://fonts.gstatic.com https://pinecone.*.churnzero.net; frame-src 'self' https://storage.googleapis.com/ https://619nm1q7y3ql.statuspage.io https://js.stripe.com https://td.doubleclick.net; img-src 'self' data: https://googleads.g.doubleclick.net https://heapanalytics.com https://www.google.ca; manifest-src 'self'; media-src 'self'; worker-src 'none'; require-trusted-types-for 'script'; report-to datadog-report; date: Wed, 06 May 2026 06:31:02 GMT reporting-endpoints: datadog-report="https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcfe58d3eeb08a5493bcbeb778e002aca&dd-evp-origin=content-security-policy&ddsource=csp-report" x-nf-request-id: 01KQXZQ5NHK9XN995AKRDVZZ4D
Recommendations
Enable compression (gzip/brotli) to improve performance