Open
Cached
·
just now
27
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Basic
default-src; child-src; connect-src; +7 more
default-src 'self' *.mightynetworks.com *.mn.co; child-src 'self' blob: *; connect-src 'self' *.akamaized.net *.amazonaws.com/upload.usersnap.com *.analytics.google.com *.chime.aws *.facebook.com *.google-analytics.com *.googlesyndication.com *.imgix.net *.live-video.net *.kaltura.com *.mightynetworks.com *.mn.co analytics.google.com adservice.google.com api.getrewardful.com api.segment.io api.stripe.com api-iam.intercom.io bat.bing.com capture.trackjs.com cdn.jsdelivr.net cdn.linkedin.oribi.io cdn.segment.com js.stripe.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com sockjs.pusher.com statsigapi.net featuregates.org featureassets.org prodregistryv2.org events.statsigapi.net stats.g.doubleclick.net translate.google.com translate.googleapis.com uploads.intercomcdn.com widget.usersnap.com ws.pusherapp.com www.google.com www.googletagmanager.com www.googleadservices.com fonts.googleapis.com logs.browser-intake-datadoghq.com analytics.tiktok.com *.wistia.com *.sentry-cdn.com rootabl.web.app myrootabl.com *.linkedin.com *.vimeo.com vimeo.com www.wbus0a0h.com *.prosperstack.com d8acyc0zqfjzr.cloudfront.net media2-production.mightynetworks.com wss:; media-src 'self' blob: data: *; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com *.mightynetworks.com *.mn.co; img-src 'self' blob: data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.chime.aws *.capterra.com *.google-analytics.com *.googlesyndication.com *.mightynetworks.com *.mn.co *.usersnap.com ajax.googleapis.com apis.google.com bat.bing.com cdnjs.cloudflare.com static.cloudflareinsights.com cdn.embedly.com cdn.jsdelivr.net cdn.segment.com cdn.trackjs.com code.highcharts.com connect.facebook.net googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com snap.licdn.com static.ads-twitter.com stats.pusher.com translate.google.com translate.googleapis.com widget.intercom.io www.datadoghq-browser-agent.com www.googletagmanager.com www.google.com www.gstatic.com www.googleadservices.com www.youtube.com analytics.tiktok.com *.wistia.com *.sentry-cdn.com app.rootabl.com myrootabl.com *.linkedin.com vimeo.com *.vimeo.com www.wbus0a0h.com *.prosperstack.com; object-src 'none'; style-src 'self' blob: data: 'unsafe-inline' *.mightynetworks.com *.mn.co cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com; report-uri /api/web/v1/analytics/csp_violations
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
accept-encoding
Caching Headers
1 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.049194
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=IsOT1ZiFWGsnvDJN2FVu0SUl.hZM6HLBpfUWEyXCQ8E-1769585464845-0.0.1.1-604800000; path=/; domain=.mn.co; HttpOnly; Secure; SameSite=None
Other Headers
13 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c4ec9c2bbe381bd-IAD
Date
Other
Wed, 28 Jan 2026 07:31:04 GMT
Mighty-Cluster
Other
core-production-c
Mighty-Env
Other
production
Mighty-Location
Other
production
Mighty-Runtime
Other
k8s
Mighty-Service
Other
frontend
X-Download-Options
Other
noopen
X-Locale
Other
en
X-Mighty-Prerender
Other
false
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
ed1cc7cf-0a65-4d20-9eca-8681bcab7bbc
Recommendations
Enable compression (gzip/brotli) to improve performance