Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000;preload
Content-Security-Policy
Basic
img-src; default-src; script-src; +10 more
img-src 'self' data: https://wp.jdeckman.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://demo-content.kaliumtheme.com https://img.youtube.com https://www.jdeckman.com https://i.ytimg.com https://translate.google.com https://fonts.gstatic.com https://cdn.honey.io https://plugins.svn.wordpress.org https://repository.kreaturamedia.com blob: https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://www.google.com https://www.jdeckman.com https://www.gstatic.com data: https://get663.com https://sc-static.net https://ajax.googleapis.com https://platform.twitter.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://www.google.com https://www.jdeckman.com https://www.gstatic.com data: https://get663.com https://sc-static.net https://ajax.googleapis.com https://platform.twitter.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.jdeckman.com https://www.gstatic.com data: https://cdn.honey.io ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.jdeckman.com https://www.gstatic.com data: https://cdn.honey.io ; font-src 'self' https://fonts.gstatic.com https://static.zip.co https://www.jdeckman.com https://svcs.tql.com https://cdn.blerp.com data:; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://www.googletagmanager.com https://mozbar.moz.com blob:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://translate.googleapis.com https://get663.com https://translate-pa.googleapis.com; media-src 'self' data:; worker-src 'self' blob:; frame-ancestors ; upgrade-insecure-requests;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
0 headers
No caching headers found
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
2 headers
Server
Server
cloudflare
X-Powered-By
Server
PHP/8.3.12
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c0bd95ada38c58d-IAD
Date
Other
Tue, 20 Jan 2026 04:32:40 GMT
Link
Other
<https://www.jdeckman.com/>; rel=shortlink
Nel
Other
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To
Other
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MNbo%2BOdeClk7x%2Bs4OCPtDVZjv%2Ftwnru7t9%2F14Cr5dq2qAhAPbB7peXJOJLgzEser7nNcph0ARiWk3DItSPXyVaQkCjgAIOVZtO16fL6ICeM%3D"}]}
Server-Timing
Other
cfEdge;dur=19,cfOrigin;dur=2551
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Consider removing X-Powered-By header to hide server technology