Open
Cached
·
just now
19
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
Origin, Accept-Encoding
connection: close transfer-encoding: chunked vary: Origin, Accept-Encoding
Caching Headers
No caching headers found
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
cloudflare
server: cloudflare
CORS Headers
Access-Control-Expose-Headers
X-ECP-Session-Id
access-control-expose-headers: X-ECP-Session-Id
Cookies Headers
Other Headers
Cf-Cache-Status
DYNAMIC
Cf-Ray
9f8ca9c76d831fdf-IAD
Date
Sat, 09 May 2026 00:42:15 GMT
X-Content-Security-Policy
script-src 'self' 'unsafe-inline' cdn.mxpnl.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com assets.circle.com maps.googleapis.com netverify.com https://www.gstatic.com; connect-src *
X-Dns-Prefetch-Control
off
X-Download-Options
noopen
X-Webkit-Csp
script-src 'self' 'unsafe-inline' cdn.mxpnl.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com assets.circle.com maps.googleapis.com netverify.com https://www.gstatic.com; connect-src *
cf-cache-status: DYNAMIC cf-ray: 9f8ca9c76d831fdf-IAD date: Sat, 09 May 2026 00:42:15 GMT x-content-security-policy: script-src 'self' 'unsafe-inline' cdn.mxpnl.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com assets.circle.com maps.googleapis.com netverify.com https://www.gstatic.com; connect-src * x-dns-prefetch-control: off x-download-options: noopen x-webkit-csp: script-src 'self' 'unsafe-inline' cdn.mxpnl.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com assets.circle.com maps.googleapis.com netverify.com https://www.gstatic.com; connect-src *
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching