Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget-v2.webability.io https://*.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://challenges.cloudflare.com https://datafa.st https://www.clarity.ms https://*.hs-scripts.com https://js.hubspot.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsadspixel.net https://static.hsappstatic.net https://*.usemessages.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.hsappstatic.net https://*.hsforms.com https://*.hubspot.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https: http: https://challenges.cloudflare.com; media-src 'self' https:; connect-src 'self' https://*.webability.io https://*.strapiapp.com https://*.google-analytics.com https://api.replicate.com https://cloudflareinsights.com https://challenges.cloudflare.com https://datafa.st https://www.clarity.ms https://forms.hsforms.com https://forms.hscollectedforms.net https://api.hsforms.com https://api.hubapi.com https://*.hubapi.com https://track.hubspot.com https://*.hubspot.com https://*.hs-scripts.com https://js.hubspot.com https://js.hsforms.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.usemessages.com; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://challenges.cloudflare.com https://forms.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hs-beacon.com https://*.hs-sites.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hsforms.com https://*.hubspot.com https://api.hsforms.com; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(self), microphone=(self "https://widget-v2.webability.io"), geolocation=()
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
public, max-age=31536000, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9cabdc2a4e66b754-IAD
Date
Other
Sun, 08 Feb 2026 14:36:34 GMT
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=T19fw7W0H6UB4qeYmvzYYBBJdwXWfv11yCcB%2BL3ZDApYIs%2FBZr0HkpDAoT62sLyb81qs%2BSIJT55e0n6rTlMASr9ha0Vb4qe1N2ZoHfTlBVH9"}]}
Server-Timing
Other
cfEdge;dur=13,cfOrigin;dur=292
Speculation-Rules
Other
"/cdn-cgi/speculation"
X-Nextjs-Cache
Other
HIT
Recommendations
Enable compression (gzip/brotli) to improve performance