Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; child-src; connect-src; +8 more
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly help.gumroad.com gumroad.com wss://cable.gumroad.com assets.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com connect-js.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com help.gumroad.com unpkg.com/@lottiefiles/lottie-player@latest/ gumroad.com assets.gumroad.com 'nonce-Dsh7178sywNQXNfOultd3uyZJPVLrdM24QoMJOKLzRo=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob:
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin
Caching Headers
1 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.521102
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_gumroad_app_session=3uofmncoeSME0iNshSzptZhIOrYl1EbSazkICJgLimuBMRrWhM%2B8KshfsgqMRSycebE9hPlHOLQMoM2%2BG82N0s6yBL142g2Tym3Cp%2BFHtBjuTYmKiK%2BtN5ceoJg%2Fs3PDML8%2FgtdJ%2BdP3e34m2ySgWS0ZuMw7t7X2SA%2BkpAqBvoCMRdUpAaQhvAlDMPkWMz0DutsJfViHvNt9iDiVqcrf1czcRRA%2BF9FIiDS00Bch5ZDwkx5dIWbXhUgEOhdxwmyhKorgYpY3Dx23vHWOxeO9F9gBf1ccHwyOdVekbGwt4b74xH2XFJ5rc%2BgIMb5Rksb5j87sDrnOgJnxAS70mFJ%2FDV2oLykvgoQfG%2F9%2FyL2%2F4pLyoVCn788E2qRqbEFErA%3D%3D--1LdTZ83%2BhFkQB3vP--4lcZxgEfxJ6Xbe3ink9iJg%3D%3D; domain=gumroad.com; path=/; expires=Sat, 31 Jan 2026 08:10:27 GMT; secure; httponly; samesite=lax
Other Headers
11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9b684cf0ed308220-IAD
Date
Other
Wed, 31 Dec 2025 08:10:27 GMT
Link
Other
<https://assets.gumroad.com/packs/css/design-04391acc.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Gr
Other
PROD
X-Original-Headers-Class
Other
Rack::Headers
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
d29c44ad-b901-4257-8acf-1dbededec644
X-Revision
Other
8a022033efe2
Recommendations
Enable compression (gzip/brotli) to improve performance