Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; script-src; style-src; +10 more
default-src 'self'; script-src 'self' 'unsafe-inline' cdn-cookieyes.com: https: //www.googletagmanager.com https: //tagmanager.google.com https: //www.google-analytics.com https: //www.googletagservices.com https: //pagead2.googlesyndication.com https: //assets.calendly.com https: //*.intercom.io https: //*.intercomcdn.com https: //cdn.mxpnl.com https: //connect.facebook.net https: //tracking-api.g2.com https: //*.chilipiper.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //s3-us-west-2.amazonaws.com https: //static.hotjar.com https: //*.hotjar.com https: //www.youtube.com https: //s.ytimg.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https: //b2bjsstore.s3-us-west-2.amazonaws.com/b/ https: //b-code.liadm.com/lc2.js https: //rp.liadm.com https: //idx.liadm.com; style-src 'self' 'unsafe-inline' https: //tagmanager.google.com https: //fonts.googleapis.com; connect-src 'self' *.cookieyes.com: cdn-cookieyes.com: https: //www.googletagmanager.com https: //analytics.google.com https: //*.analytics.google.com https: //www.google-analytics.com https: //www.googleadservices.com https: //pagead2.googlesyndication.com www.google.co.uk: https: //*.intercom.io wss: //*.intercom.io https: //hub-api.threecolts.com https: //api-js.mixpanel.com https: //api.mixpanel.com https: //www.facebook.com/tr/ https: //graph.facebook.com https: //business.facebook.com https: //api.eu.lever.co https: //*.chilipiper.com https: //threecolts.com https: //www.threecolts.com wss: //*.hotjar.com https: //content.hotjar.io https://pro.ip-api.com https: //alocdn.com/c/vn3d8u2u/a/xtarget/p.json https: //*.execute-api.us-west-2.amazonaws.com/b2bjsstore/b/; img-src 'self' data: blob: cdn-cookieyes.com: https: //www.googletagmanager.com https: //ssl.gstatic.com https: //www.google-analytics.com https: //www.googleadservices.com https: //pagead2.googlesyndication.com https: //www-assets.threecolts.com https: //static.intercomassets.com/ https: //*.intercomcdn.com https: //cdn.mxpnl.com https: //www.facebook.com https: //connect.facebook.net https: //firebasestorage.googleapis.com https: //storage.googleapis.com https: //testimonial.to https: //*.testimonial.to https: //open.spotify.com https: //i.scdn.co https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //*.google.com https: //*.google.rs https: //*.google.co.uk https: //i.ytimg.com https: //s.ytimg.com; frame-src https://www.googletagmanager.com https: //tagmanager.google.com https: //googleads.g.doubleclick.net https: //static.doubleclick.net https: //calendly.com https: //td.doubleclick.net https: //player.vimeo.com https: //www.facebook.com https: //connect.facebook.net https: //app.screenloop.com https: //*.chilipiper.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //*.hotjar.com https: //www.youtube.com https: //www.youtube-nocookie.com; object-src 'none'; font-src 'self' https: //fonts.gstatic.com data: https: //*.intercomcdn.com; media-src 'self' blob: https: //stage-www.dev3c.com https: //www.threecolts.com https: //www-assets.threecolts.com https: //player.vimeo.com https: //firebasestorage.googleapis.com https: //storage.googleapis.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //www.youtube.com; base-uri 'self'; form-action 'self' https://connect.facebook.net; worker-src 'self' blob:; child-src 'self' https: //www.facebook.com https: //staticxx.facebook.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
browsing-topics=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
accept-encoding
Caching Headers
2 headers
Etag
Caching
W/"69600e6f-38b85"
Last-Modified
Caching
Thu, 08 Jan 2026 20:07:11 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
AWSALBCORS=mWspYcloCKg722gcPn8J9gk5Y3pGfoXXMB+ss9+T7fzIVD8ywEphDRJ+oa/3jaOQpNRtZmLN14tIgASOeNcisdpDqQF/RcayOz9iAsIlSeLVO3S2YElDHXCfMYPN; Expires=Sat, 17 Jan 2026 04:39:34 GMT; Path=/; SameSite=None; Secure
Other Headers
5 headers
Cf-Cache-Status
Other
MISS
Cf-Ray
Other
9bb97dc77d04b135-IAD
Date
Other
Sat, 10 Jan 2026 04:39:34 GMT
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YLCGAXSEWgkKB2nrJNebj4KLiLm%2FN0P6mPamw1vQInhaLEKgG7EZcqtwulULM1N7AzmPWB69AcpHya2HJK8CB%2BLC0zly%2BfDz8tsoe29so7Ef"}]}
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching