Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Basic
connect-src; default-src; font-src; +11 more
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io www.google-analytics.com; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com js.stripe.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
0 headers
No caching headers found
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
cookie_notice=1; expires=Tue, 05-Feb-2036 00:24:56 GMT; Max-Age=315360000; path=/; domain=www.tierra.net; secure; HttpOnly
Other Headers
3 headers
Date
Other
Sat, 07 Feb 2026 00:24:56 GMT
Feature-Policy
Other
sync-xhr 'self'
Report-To
Other
{'group':'default','max_age':10886400,'endpoints':[{'url':'https://www.tierra.net/special/report/csp'}],'include_subdomains':true}
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching