Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; style-src; +13 more
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kargo.com tag.bounceexchange.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.rfihub.com *.rfihub.net *.sixflags.com *.googletagmanager.com *.googlesyndication.com storage.googleapis.com *.youtube.com *.ujet.co *.sentry-cdn.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.osano.com *.api.osano.com *.datasubject.com *.quantummetric.com *.clarity.ms core.sanity-cdn.com acsbapp.com authjs.dev unpkg.com *.ondigitalocean.app *.attractions.io *.pinterest.com connect.facebook.net *.buy.sixflags.com *.store.sixflags.com s.pinimg.com *.g.doubleclick.net https://bat.bing.com/bat.js https://live.rezync.com https://cdn.boomtrain.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js https://connect.facebook.net/en_US/fbevents.js https://try.abtasty.com https://www.google.com https://analytics.google.com https://www.gstatic.com *.taboola.com https://cloudpresskit.com; style-src 'self' 'unsafe-inline' *.abtasty.com assets.bounceexchange.com; img-src 'self' data: blob: assets.bounceexchange.com events.bouncex.net *.cdnwidget.com pippio.com *.store.sixflags.com *.liadm.com *.clarity.ms *.buy.sixflags.com https://www.google.com https://i.liadm.com https://ad.doubleclick.net https://analytics.google.com https://www.facebook.com *.g.doubleclick.net https://live.rezync.com https://bat.bing.com https://trc.taboola.com *.wistia.com *.youtube.com *.googlesyndication.com *.moengage.com *.googletagmanager.com *.ytimg.com *.abtasty.com authjs.dev https://cloudpresskit.com https://static.cloudpresskit.com https://bat.bing.com/action cdn.sanity.io cdn.sanity.io static.sixflags.com six-flags.s3.amazonaws.com assets.sixflags.com; font-src 'self' data: https://cloudpresskit.com assets.bounceexchange.com; object-src 'none'; base-uri 'self'; form-action 'self' api.bounceexchange.com dev.bounceexchange.com; frame-ancestors 'self'; frame-src * www.google.com recaptcha.google.com assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.google.com *.buy.sixflags.com *.store.sixflags.com; worker-src blob:; child-src blob: assets.bounceexchange.com; connect-src 'self' ws: *.kargo.com coupons.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.boomtrain.com *.clarity.ms *.doubleclick.net https://www.facebook.com https://analytics.google.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js *.wistia.com *.acsbapp.com *.moengage.com *.sixflags2024.dev *.quantummetric.com *.sfdev.co api.sixflags.net *.store.sixflags.com *.buy.sixflags.com *.youtube.com *.api.osano.com *.osano.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.pinterest.com *.taboola.com *.ondigitalocean.app *.attractions.io *.googletagmanager.com *.intentia.com fg8vvsvnieiv3ej16jby.litix.io *.googleadservices.com https://production-search-api.sfdev.co/search-api/public https://qaapi.sixflags.net https://salesforce-form-proxy-production-2bqljsoi2a-uc.a.run.app https://d18car1k0ff81h.cloudfront.net https://dev.cf-mobile.com https://live.rezync.com https://www.google.com https://static.cloudpresskit.com https://www.google-analytics.com https://us-central1-missi-six-prod.cloudfunctions.net https://cloudpresskit.com; manifest-src 'self' accounts.google.com *.abtasty.com web-sf-user-pool-domain-uat.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-dev.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-qa.auth.us-east-2.amazoncognito.com; media-src 'self' blob: *.youtube.com; upgrade-insecure-requests;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Age
Caching
250397
Cache-Control
Caching
s-maxage=31536000
Etag
Caching
"u82fol8ty86r9p"
Content Headers
2 headers
Content-Length
Content
315347
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
8 headers
Date
Other
Thu, 25 Dec 2025 14:05:11 GMT
Via
Other
1.1 f974b88a3ce13f575bbe35ae85a5309a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
xmsYgz4ERHnXJpZm62Mvw8xbqy90JS3y5mbzVw5qf-no7ayGtVTAkA==
X-Amz-Cf-Pop
Other
IAD55-P9
X-Cache
Other
Hit from cloudfront
X-Nextjs-Cache
Other
HIT
X-Nextjs-Prerender
Other
1
X-Nextjs-Stale-Time
Other
300
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 87ms