Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src 'self' https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net; font-src 'self' data: https://ucarecdn.com https://*.ucarecdn.com https://fonts.gstatic.com; frame-src 'self' https://ucarecdn.com https://*.uploadcare.com https://js.stripe.com https://js.chargify.com https://*.google.com https://*.youtube-nocookie.com https://*.facebook.com https://codepen.io https://codesandbox.io https://*.codesandbox.io https://zapier.com https://td.doubleclick.net https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com; child-src 'self' blob:; media-src blob: data: ucarecdn.com *.ucarecdn.com *.ucarecd.net; style-src 'self' 'unsafe-inline' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://unpkg.com https://js.stripe.com https://*.googleapis.com https://*.zapier.com https://*.integrately.com app-slash.buildwithfern.com https://cdn.cookiehub.eu https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' blob: https://*.cloudfront.net *.uploadcare.com uploadcare.com *.ucarecd.net https://*.s3-accelerate.amazonaws.com https://ucarecdn.com https://*.ucarecdn.com https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.statuspage.io https://*.pingdom.net https://*.chargify.com wss://ws.pusherapp.com https://api.rollbar.com https://*.helpscout.net https://zapier.com https://*.zapier.com https://*.integrately.com https://api.getrewardful.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://adservice.google.com https://*.googleadservices.com https://*.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://analytics.ahrefs.com js.zi-scripts.com ws.zoominfo.com https://registry.npmjs.org https://dev.visualwebsiteoptimizer.com https://cdn.cookiehub.eu 
https://consent-eu.cookiehub.net https://region-eu.cookiehub.net icons.ferndocs.com proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://js.stripe.com https://m.stripe.network https://js.chargify.com https://zapier.com https://cdn.zapier.com https://*.integrately.com https://r.wdfl.co https://*.codepen.io https://*.helpscout.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.facebook.net https://snap.licdn.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://pi.pardot.com js.zi-scripts.com app-slash.buildwithfern.com files.buildwithfern.com https://cdn.cookiehub.eu https://cookiehub.net widget.kapa.ai https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self'; report-uri https://app.uploadcare.com/apps/api/v0.1/csp/report/
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
ORIGIN
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
public, max-age=0, must-revalidate
Etag
Caching
"d3014dee8258ad096a6fdb851e9ba296"
Last-Modified
Caching
Mon, 19 Jan 2026 14:15:09 GMT
Content Headers
2 headers
Content-Length
Content
317169
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
2 headers
Date
Other
Mon, 19 Jan 2026 20:46:36 GMT
X-Amz-Server-Side-Encryption
Other
AES256
Recommendations
Enable compression (gzip/brotli) to improve performance