SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for *.huducloud.com, huducloud.com, not for www.ecommbeta.com
Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31556952; includeSubDomains; preload
Content-Security-Policy
Good
default-src; font-src; object-src; +6 more
default-src 'self'; font-src 'self' https: data:; object-src 'none'; form-action 'self' https:; img-src 'self' https: blob: data: https://img.icons8.com; connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://fra1.digitaloceanspaces.com https://hudu-phenixict.fra1.digitaloceanspaces.com https://phenixict.huducloud.com; frame-src https://www.youtube.com https://www.loom.com https://viewer.diagrams.net https://scribehow.com https://app.tango.us https://player.vimeo.com https://widget.canny.io https://lucid.app https://*.wasabisys.com https://www.canva.com https://*.sharepoint.com https://*.brightgauge.co https://www.figma.com https://*.figma.com https://maps.google.com https://www.google.com https://docs.google.com https://www.facebook.com https://www.linkedin.com https://app.rewst.io https://rewst.us.auth0.com https://api.mapbox.com https://hudu-phenixict.fra1.digitaloceanspaces.com https://phenixict.huducloud.com; script-src 'self' blob: https://ajax.cloudflare.com https://canny.io/sdk.js https://api.duosecurity.com https://platform.twitter.com https://canvasjs.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://stackpath.bootstrapcdn.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Vary
Performance
Accept-Encoding
Caching Headers
4 headers
Cache-Control
Caching
no-store
Etag
Caching
W/"d603caff38c50740f407b068c27c2022"
Expires
Caching
Mon, 01 Jan 1990 00:00:00 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
4281
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
nginx
X-Runtime
Server
0.042722
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_hudu_session=wttLJ7hpoLxjkevwTHO9je5%2Flfb4X2%2B9m41W2Px%2BRabshv8lZv2SFr5yfVnitFr6m9l0U9DsrhqWipxCVZNJDswlUBzfidY6wsmhdRQGm3ya89LToaY3l0oGPRHZOENelXYHAgFKN8ygPVs4%2F7ydXstbIFmV%2F%2BupkwSMIwbw4Cp%2BwS69%2Fj9Nv4Qu83LrPUw0fhktzqf6nv7834DWUdiftGF0wldc3aHLcoKnjWKYvydL2DqMRT5GaUjFObqVhnJfU3BYZPTsxr1dIuMC4WK4%2F0mgn%2BW0--8PZHW1OdunkRfVP5--a8yLHb0GF%2FgzWG%2BymowzpA%3D%3D; path=/; secure; httponly; samesite=lax
Other Headers
4 headers
Date
Other
Sun, 07 Dec 2025 02:53:29 GMT
Link
Other
</app_assets/application-3478c7cec484390bda79e965e17207677be30dd6e4f863e69b6eed6f059db015.css>; rel=preload; as=style; nopush,</app_assets/application-65282158fda0f4a8ad31eabce6c2d3ac5edddf1c9252ee99b8a56d50f4f16d86.js>; rel=preload; as=script; nopush
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
e5af6304-824d-466d-9206-4996c5ea654d
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 729ms