Open
Cached
·
1h ago
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
upgrade-insecure-requests; default-src; script-src; +10 more
upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://*.zen.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://az416426.vo.msecnd.net https://*.bizographics.com https://snap.licdn.com https://bat.bing.com https://s3.amazonaws.com https://*.ads.linkedin.com https://errors.angularjs.org https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googleadservices.com https://tagmanager.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://secure.leadforensics.com https://www.details-enterprise-7.com https://secure.quantserve.com https://rules.quantcount.com https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://widget.trustpilot.com https://dec.azureedge.net https://cdn.insight.sitefinity.com https://static.mention-me.com https://tag.mention-me.com https://optimize.google.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://static.ads-twitter.com https://analytics.twitter.com https://secure.adnxs.com https://www.facebook.com https://websites.cdn.getfeedback.com https://*.popupsmart.com https://p.teads.tv https://player.vimeo.com https://tags.srv.stackadapt.com https://tools.luckyorange.com https://*.clarity.ms https://*.expertrec.com blob: https://*.sub2tech.com https://ads.nextdoor.com https://service.force.com https://zeninternet.my.salesforce.com https://*.salesforceliveagent.com https://static.lightning.force.com https://lightening.secure.force.com https://*.static.lightning.force.com https://zeninternet.my.salesforce-sites.com https://www.youtube.com https://d1bziodztiw2c7.cloudfront.net https://dev.visualwebsiteoptimizer.com https://www.awin1.com https://www.dwin1.com https://assets.brandswap.com https://lantern.roeyecdn.com https://d16fk4ms6rqz1v.cloudfront.net https://data.perfmaker.net https://smct.co https://analytics-event.com https://the.sciencebehindecommerce.com https://plausible.io;object-src 'none';style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://optimize.google.com https://*.popupsmart.com https://tags.srv.stackadapt.com https://service.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com;img-src 'self' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://gtrk.s3.amazonaws.com https://*.zen.co.uk/ https://zen-marketingwebsite-data.s3.amazonaws.com https://zen-marketingwebsite2-data.s3.amazonaws.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn-ukwest.onetrust.com data: https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://t.co https://www.facebook.com https://*.ads.linkedin.com https://www.linkedin.com https://*.gstatic.com https://pixel.quantserve.com https://bat.bing.com https://secure.adnxs.com https://*.popupsmart.com https://*.teads.tv https://i.vimeocdn.com https://*.clarity.ms https://d20j3a1e4m2ov9.cloudfront.net https://flask.nextdoor.com https://www.youtube.com https://dev.visualwebsiteoptimizer.com https://www.awin1.com https://plausible.io;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://myaccount.zen.co.uk https://www.google.com https://maps.google.com https://optimize.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://identity.testing.zen.co.uk https://identity.zen.co.uk https://widget.trustpilot.com https://mention-me.com https://zen.mention-me.com https://servedby.flashtalking.com https://www.getfeedback.com https://zeninternet.getfeedback.com https://dubb.com https://12507069.fls.doubleclick.net https://td.doubleclick.net https://view.genial.ly https://view.genially.com https://cloud.e.zen.co.uk https://service.force.com https://zeninternet.my.salesforce.com https://www.awin1.com https://www.mainadv.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:;connect-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://region1.google-analytics.com https://region1.analytics.google.com https://nl-api.dec.sitefinity.com https://nl-api.insight.sitefinity.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://stats.g.doubleclick.net https://tag.mention-me.com https://mention-me.com https://graph.facebook.com https://*.popupsmart.com https://*.teads.tv https://tags.srv.stackadapt.com https://cdn.linkedin.oribi.io https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://dev.visualwebsiteoptimizer.com https://*.clarity.ms https://*.expertrec.com https://flask.nextdoor.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://apm.zen.co.uk https://ih4anl1qy8.execute-api.eu-west-1.amazonaws.com https://*.zen.co.uk https://tagapi.brandswap.com https://the.sciencebehindecommerce.com https://plausible.io;frame-ancestors 'self' https://portal.zenbusiness.co.uk https://enlighten2.testing.zen.co.uk https://enlighten2.zen.co.uk https://12507069.fls.doubleclick.net;worker-src 'self' blob:;report-uri /WebResource.axd?cspReport=true
X-Frame-Options
Present
SameOrigin,SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Expires
Caching
-1
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
261337
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
A Web Server
CORS Headers
1 headers
Access-Control-Expose-Headers
Cors
Request-Context
Cookies Headers
1 headers
Set-Cookie
Cookies
AWSALBCORS=AlqElrXabbWqfqoYNM4R4nD0qrH5532uQ3SWxWgKlQYVDpzQsAGIpWiyOOVaAkHCD8C0/LzXkC9rre7hGqGcTdL0tw9/Uqw2B63YGx96k6SNWtxJI0dSmudeb6Du; Expires=Fri, 28 Nov 2025 02:02:21 GMT; Path=/; SameSite=None; Secure
Other Headers
4 headers
Date
Other
Fri, 21 Nov 2025 02:02:21 GMT
Request-Context
Other
appId=cid-v1:b8eee728-6b85-4881-bbf4-a788ec2798dd
X-Waf-Id
Other
i-0fc371c4442823a5f
X-Waf-Stackname
Other
zenwaf01-uk-2
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 603ms