Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src; script-src; script-src-elem; +7 more
default-src 'self' stonly.com *.stonly.com; script-src 'self' 'nonce-alpine-MaLc0onroV' 'nonce-alpine-qS9DMu3gQ1' 'nonce-alpine-qNqU8FaR3S' 'nonce-tradier-OaJPZFGS2o' 'nonce-tradier-e7I7ezUpVY' 'nonce-tradier-767oCEojoK' 'nonce-tradier-QvH5UIzAaB' 'nonce-tradier-9bicLG8b25' 'nonce-tradier-T1sY0OxPFY' 'nonce-tradier-luIFuFKAp9' 'nonce-tradier-uq3w1Vr51E' 'nonce-tradier-8TMzHh1C8V' 'nonce-tradier-dET8k2kJQl' 'nonce-tradier-vE0oJwx3HO' 'nonce-tradier-j10EVOLasq' 'nonce-tradier-4LAjh2qL21' 'nonce-stonly-tYLDXOjX76' 'nonce-stonly-WTm0JyEsqM' embed.typeform.com js.hsforms.net www.googletagmanager.com *.doubleclick.net d.adroll.com s.adroll.com googleads.g.doubleclick.net *.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net stonly.com *.stonly.com; script-src-elem 'self' netlify-rum.netlify.app vercel.live/_next-live/feedback/feedback.js connect.facebook.net www.googletagmanager.com www.google-analytics.com embed.typeform.com js.hsforms.net js.hs-scripts.com *.adroll.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net cdn.mxpnl.com *.wisepops.com wisepops.net stonly.com *.stonly.com 'nonce-alpine-MaLc0onroV' 'nonce-alpine-qS9DMu3gQ1' 'nonce-alpine-qNqU8FaR3S' 'nonce-tradier-OaJPZFGS2o' 'nonce-tradier-e7I7ezUpVY' 'nonce-tradier-767oCEojoK' 'nonce-tradier-QvH5UIzAaB' 'nonce-tradier-9bicLG8b25' 'nonce-tradier-T1sY0OxPFY' 'nonce-tradier-luIFuFKAp9' 'nonce-tradier-uq3w1Vr51E' 'nonce-tradier-8TMzHh1C8V' 'nonce-tradier-dET8k2kJQl' 'nonce-tradier-vE0oJwx3HO' 'nonce-tradier-j10EVOLasq' 'nonce-tradier-4LAjh2qL21' 'nonce-tradier-zJ3IZeGBJ0' 'nonce-stonly-tYLDXOjX76' 'nonce-stonly-WTm0JyEsqM' 'sha256-19DqsmrnI20bW+i+IGzv5rjMPP7Sp+JNbNxF+f4dkf0=' 'sha256-Nl2+22hl1U2LDEbzm5bmkay6skuCPFMaO/KZBO+1/Vg=' 'sha256-BiaLSZnJ9+OYVc64TceNbbXiOVmWPtl64B4sNfxJb/M=' 'sha256-FnvgEoQt5vCXD4dgabs37oYOvMmXYIihB9fpPUGb/WY=' 'sha256-RMQCssDiZCoGbV1rRYb4DZHAQaIq/Ehmup6CfEhCyjg=' 'sha256-beo5y8GViOdNuaTEDJTJ/KKB5ycglCnF5Zc8ujhdd80=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'sha256-NzhNJEDf732CUfDm8e4e6VoMw1yscVBzSAPNJIiDDkQ=' 'sha256-THe0h+/0EY0lOHit6yyuvCXAJ28BrMYPWYGXHhwXJ8Y=' 'sha256-+YCYJj/3Q5ySNQ8NROQl+od78SQRjNAaBBMWlRUuuwU=' 'sha256-0FfP5/LVuEKfAPBK35jqnQfeHDDlwBnMQxnqM+Cx5GY=' 'sha256-qVa8eMpTUS9t+MnUr5yr+OyBTGW9XGCgoUc4WqM8osg=' 'sha256-4cvDi3C1V91CpX65rMsWSIu7i4mNA/RaNZ0tGW9r4nY='; connect-src 'self' *.nsvcs.net ingesteer.services-prod.nsvcs.net www.facebook.com analytics.google.com www.google-analytics.com region1.analytics.google.com translate.googleapis.com *.doubleclick.net *.google.com www.google.com forms.hsforms.com api.hubapi.com *.wisepops.com app.getwisp.co wisepops.net api-js.mixpanel.com forms-na1.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/2c66c612-81a4-4370-abc9-6d7626326280.json.gz https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/74913fba-84fd-4c73-861e-38c9498b90c8.json.gz https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/550fe60c-6808-4d5a-94b0-d3a15587bdad.json.gz stonly.com *.stonly.com; img-src 'self' translate.google.com fonts.gstatic.com www.google.com www.googletagmanager.com img.youtube.com forms.hsforms.com forms-na1.hsforms.com *.facebook.com d.adroll.com s.adroll.com googleads.g.doubleclick.net ipv4.d.adroll.com x.adroll.com track.hubspot.com *.wisepops.com wisp-production-storage.s3.amazonaws.com *.wisepops.net data: media.stonly.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.typeform.com; base-uri 'self'; form-action 'self' forms.hsforms.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' youtube.com www.youtube.com www.googletagmanager.com form.typeform.com forms.hsforms.com *.doubleclick.net *.adroll.com *.wisepops.com wisepops.net ibportal.gainfutures.com demoform.cqg.com vercel.live stonly.com *.stonly.com *.tradier.com;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
4 headers
Age
Caching
2322
Cache-Control
Caching
public, max-age=0, must-revalidate
Etag
Caching
"38c310fc28ec0e392b2ed233129093e3"
Last-Modified
Caching
Tue, 30 Dec 2025 21:31:12 GMT
Content Headers
3 headers
Content-Disposition
Content
inline
Content-Length
Content
84401
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Vercel
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
0 headers
No cookies headers found
Other Headers
3 headers
Date
Other
Tue, 30 Dec 2025 22:09:54 GMT
X-Vercel-Cache
Other
HIT
X-Vercel-Id
Other
iad1::f7kp6-1767132594757-7da5d32a5449
Recommendations
Enable compression (gzip/brotli) to improve performance