19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; includeSubdomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self' https://cdn.jsdelivr.net https://*.console.glassboxsaas.com https://*.report.gbss.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.appsflyer.com https://maps.googleapis.com https://places.googleapis.com https://cdn.segment.com https://ze.delivery https://repo.incognia.com https://*.google.com https://*.gstatic.com https://*.google.com.br https://*.google-analytics.com https://*.googletagmanager.com https://optanon.blob.core.windows.net https://connect.facebook.net https://code.jquery.com https://cdn.cookielaw.org https://analytics.tiktok.com https://*.hotjar.com https://*.tailtarget.com https://pixel.mathtag.com https://web-sdk-cdn.singular.net https://*.clearsale.com.br https://cdn.jsdelivr.net https://www.googleadservices.com https://*.clarity.ms https://*.ze.delivery https://www.google.com/ads/ga-audiences https://cdn.gbqofs.com https://*.console.glassboxsaas.com https://lantern.roeyecdn.com https://www.dwin1.com https://*.report.gbss.io https://*.awin1.com https://the.sciencebehindecommerce.com https://*.split.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optanon.blob.core.windows.net https://www.googletagmanager.com https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' blob: data: https://*.bing.com courier-images-web.imgix.net courier-images-frontrelease.imgix.net courier-images-prod.imgix.net https://*.google-analytics.com https://*.googleapis.com https://ads.scorecardresearch.com https://eb2.3lift.com https://t.mookie1.com https://analytics.twitter.com https://us-u.openx.net https://id5-sync.com https://match.sharethrough.com https://analytics.twitter.com https://image2.pubmatic.com https://x.bidswitch.net https://odr.mookie1.com https://loadus.exelator.com https://contextual.media.net https://maps.googleapis.com https://places.googleapis.com https://www.facebook.com https://*.clearsale.com.br https://www.google.com https://www.google.com.br https://*.tailtarget.com 
https://*.singular.net https://*.hotjar.com https://*.incognia.com https://*.typeform.com https://*.doubleclick.net https://*.tiktok.com https://*.onetrust.com https://*.gstatic.com https://*.mathtag.com https://*.googleadservices.com https://*.facebook.net https://*.amazoncognito.com https://*.google.com https://*.ze.delivery https://img.saveur-biere.com https://content.hotjar.io https://translate.google.com https://adservice.google.com https://tags.w55c.net https://tags.bluekai.com https://dsum-sec.casalemedia.com https://idsync.rlcdn.com https://*.stickyadstv.com https://*.akgn.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://aa.agkn.com https://ce.lijit.com https://c.clarity.ms https://*.awin1.com https://www.awin1.com https://*.tapad.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://www.typeform.com; frame-src 'self' https://form.typeform.com https://*.doubleclick.net https://www.typeform.com https://*.google.com https://www.facebook.com https://www.googletagmanager.com https://zecompensa.ze.delivery https://*.awin1.com https://www.awin1.com https://zecompensa.ze.delivery; upgrade-insecure-requests ; connect-src 'self' https://api.pagar.me https://*.onelink.me https://*.google-analytics.com https://www.facebook.com https://*.google.com https://maps.googleapis.com https://places.googleapis.com https://*.clarity.ms https://*.split.io https://auth.split.io https://api.split.io https://*.ze.delivery https://api.club.zedelivery.in https://*.incognia.com https://*.icg-in.com wss://*.icg-in.com wss://*.incognia.com wss://ws.hotjar.com https://cdn.segment.com https://api.segment.io https://*.segment.com https://*.segment.io https://cdn.cookielaw.org https://*.onetrust.com https://analytics.google.com https://*.hotjar.com https://*.hotjar.io 
https://cognito-idp.us-west-2.amazonaws.com https://cdn.jsdelivr.net https://*.clearsale.com.br https://*.dynamsoft.com https://*.zedelivery.in https://*.gbqofs.io https://sdk-api-v1.singular.net https://*.gstatic.com https://ze-auth-service-consumer-prod.auth.us-west-2.amazoncognito.com https://ze-auth-service-consumer-frontrelease.auth.us-west-2.amazoncognito.com https://www.google.com/ads/ga-audiences https://*.console.glassboxsaas.com https://*.report.gbss.io https://*.googleadservices.com https://www.google.com.br https://www.dwin1.com https://www.awin1.com https://*.doubleclick.net https://*.appsflyer.com https://*.imgix.net https://*.googleapis.com https://*.tiktok.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
ch-ua-model=("https://sdk-api-v1.singular.net"), ch-ua-platform-version=("https://sdk-api-v1.singular.net"), ch-ua-full-version-list=("https://sdk-api-v1.singular.net"), attribution-reporting=(), browsing-topics=(), otp-credentials=(), accelerometer=(self "https://zecompensa.ze.delivery"),attribution-reporting=(self "https://zecompensa.ze.delivery"),autoplay=(self "https://zecompensa.ze.delivery"),bluetooth=(self "https://zecompensa.ze.delivery"),browsing-topics=(self "https://zecompensa.ze.delivery"),camera=(self "https://zecompensa.ze.delivery"),compute-pressure=(self "https://zecompensa.ze.delivery"),display-capture=(self "https://zecompensa.ze.delivery"),encrypted-media=(self "https://zecompensa.ze.delivery"),fullscreen=(self "https://zecompensa.ze.delivery"),gamepad=(self "https://zecompensa.ze.delivery"),geolocation=(self "https://zecompensa.ze.delivery"),gyroscope=(self "https://zecompensa.ze.delivery"),hid=(self "https://zecompensa.ze.delivery"),identity-credentials-get=(self "https://zecompensa.ze.delivery"),idle-detection=(self "https://zecompensa.ze.delivery"),local-fonts=(self "https://zecompensa.ze.delivery"),magnetometer=(self "https://zecompensa.ze.delivery"),microphone=(self "https://zecompensa.ze.delivery"),midi=(self "https://zecompensa.ze.delivery"),otp-credentials=(self "https://zecompensa.ze.delivery"),payment=(self "https://zecompensa.ze.delivery"),picture-in-picture=(self "https://zecompensa.ze.delivery"),publickey-credentials-create=(self "https://zecompensa.ze.delivery"),publickey-credentials-get=(self "https://zecompensa.ze.delivery"),screen-wake-lock=(self "https://zecompensa.ze.delivery"),serial=(self "https://zecompensa.ze.delivery"),storage-access=(self "https://zecompensa.ze.delivery"),usb=(self "https://zecompensa.ze.delivery"),web-share=(self "https://zecompensa.ze.delivery"),window-management=(self "https://zecompensa.ze.delivery"),xr-spatial-tracking=(self "https://zecompensa.ze.delivery")
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Etag
Caching
"b03gwrmh4918k3"
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
incap_ses_1342_2782761=FkLrAyCkMQxnSBzeY76fEs86bWkAAAAAASsWPr5V4XudT5V+7Wu1+g==; path=/; Domain=.ze.delivery
Other Headers
4 headers
Accept-Ch
Other
sec-ch-ua-modal, sec-ch-ua-platform-version, sec-ch-ua-full-version-list
Date
Other
Sun, 18 Jan 2026 19:55:59 GMT
X-Cdn
Other
Imperva
X-Iinfo
Other
6-20242596-20242597 NNNN CT(73 152 0) RT(1768766159599 8) q(0 0 2 0) r(3 3) U24
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology