Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; child-src; connect-src; +12 more
base-uri 'none';child-src 'self' * blob:;connect-src 'self' https://cdn.coda.io wss://coda.io https://auth.grammarly.com wss://capi-local.grammarly.com/freews wss://capi.grammarly.com/freews https://f-log-ai-editor.grammarly.io https://ai-editor.femetrics.grammarly.io https://treatment.grammarly.com https://gates.grammarly.com https://gr-core-prod-assistant-file.s3.amazonaws.com/ https://goldengate.grammarly.com https://subscription.grammarly.com https://d1m7gvwd59hen3.cloudfront.net https://superhuman.framer.website https://superhuman.com https://coda.io wss://*.intercom.io https://coda-us-west-2-prod-blobs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs.s3.us-west-2.amazonaws.com https://codahosted.io https://codacontent.io https://coda.io https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://sdk.iad-05.braze.com https://app.getsentry.com https://iframe.ly https://cdn.iframe.ly https://baconipsum.com https://api.trello.com https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/ccm/collect https://*.g.doubleclick.net https://*.google.com https://www.google.com/pagead/landing https://www.facebook.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://cdn.cookielaw.org https://*.onetrust.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://grsm.io https://partnerlinks.io https://pixel.pvd.to https://tracker.pixeltracker.co https://pixelconnector.pixeltracker.co https://login.microsoftonline.com https://graph.microsoft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.api.sanity.io https://*.apicdn.sanity.io https://statsig.coda.io https://statsigapi.net https://app.clearbit.com 
https://cdn.linkedin.oribi.io https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://api.sprig.com https://cdn.sprig.com https://pixels.spotify.com/v1/ingest https://api.cr-relay.com/ https://api.palette.dev https://*.forethought.ai https://coda-migrations.femetrics.grammarly.io https://in.grammarly.com https://gateway.grammarly.com ;default-src 'self' https://cdn.coda.io https://codacontent.io https://coda-us-west-2-prod-blobs.s3.us-west-2.amazonaws.com https://coda.io;font-src data: https://cdn.coda.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net https://static-web.grammarly.com;form-action 'self' https://api-iam.intercom.io https://intercom.help *.coda.io;frame-ancestors 'self' *.intercom-sheets.com teams.microsoft.com chrome-extension://ocjjmmnhefcaopncklmdodfglamkeign chrome-extension://pbdpddefpmdbfdgkaknnmimgjmjoefmj chrome-extension://cdgkmagmdldlpiglliebaajdpdkigcbi chrome-extension://dipjbaeecehmimeelgehcodalckeklid chrome-extension://clppjidbanhondokgacbbbhdnihejpad sites.google.com www.gstatic.com *.googleusercontent.com *.liftlab.com *.atlassian.net *.sharepoint.com w.amazon.com *.slab.com *.sanity.studio ;frame-src *;img-src * blob: data:;media-src 'self' https://codahosted.io https://cdn.coda.io https://js.intercomcdn.com https://cdn.sanity.io;object-src 'none';report-uri /csp-violation;script-src 'unsafe-inline' 'unsafe-eval' https: https://*.mutinycdn.com https://*.googletagmanager.com https://cdn.cr-relay.com/ https://*.forethought.ai;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com https://cdn.coda.io https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.mktoweb.com;worker-src 'self' blob:
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
fullscreen=*, autoplay=(self), geolocation=*
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
x-coda-custom-host,User-Agent,Accept-Encoding
Caching Headers
0 headers
No caching headers found
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
CloudFront
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
show_cookie_banner=false; Secure; Path=/
Other Headers
10 headers
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Tue, 25 Nov 2025 04:30:57 GMT
Feature-Policy
Other
fullscreen *; autoplay 'self'; geolocation *
Link
Other
<https://cdn.coda.io>; rel=preconnect; crossorigin, <https://codaio.imgix.net>; rel=preconnect; crossorigin, <https://images.unsplash.com>; rel=preconnect; crossorigin, <https://codacontent.io>; rel=preconnect; crossorigin, <https://cdn-codaio.imgix.net>; rel=preconnect; crossorigin
Via
Other
1.1 32a86417f344d7ce72f29ebf299d3192.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
SXV4tIhY5tO13TRigKUIvhLdF5F1Rn9oBhD0ez2wqPvluVjesNDnXw==
X-Amz-Cf-Pop
Other
IAD61-P5
X-Cache
Other
Miss from cloudfront
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Add Cache-Control header to optimize caching
Analysis completed in 428ms