30
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
object-src; base-uri; frame-ancestors; +2 more
object-src 'none'; base-uri 'self'; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google.com https://www.google-analytics.com/gtm/js https://www.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.gstatic.com https://ajax.googleapis.com https://*.sharethis.com https://*.cloudfront.net https://www.googletagmanager.com https://cdn-cookieyes.com https://*.linkedin.com https://tagmanager.google.com https://*.freshworks.com https://www.clarity.ms https://js.hs-scripts.com https://snap.licdn.com https://www.linkedin.com/pages-extensions/FollowCompany/ https://www.google-analytics.com/analytics.js https://s3.amazonaws.com/files.freshteam.com/ https://*.freshteam.com https://*.cookieyes.com/api/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://googleads.g.doubleclick.net/ https://app.factors.ai/ https://img1.wsimg.com/; worker-src 'self' blob:;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
4 headers
Age
Caching
111109
Cache-Control
Caching
public, max-age=2678400
Expires
Caching
Mon, 23 Feb 2026 13:31:04 GMT
Last-Modified
Caching
Thu, 22 Jan 2026 00:49:27 GMT
Content Headers
1 header
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 header
Server
Server
cloudflare
CORS Headers
2 headers
Access-Control-Allow-Headers
CORS
Content-Type, Authorization
Access-Control-Allow-Methods
CORS
GET,POST
Cookies Headers
1 header
Set-Cookie
Cookies
__cf_bm=6yh.H4WzVX9JJUbg0c9z_mHxo6Vei_Pz1A1hirQyNHU-1769175064-1.0.1.1-JweKPtWEVDTQ37h1PoXwQehktL1J4H5r8jvszPz4BLqGt.uZlGH2gaqxlt8F64bnjGfVycWZJ4kOXWu9_4r_9sCXIgc1_DD95snwwCEtrmc; path=/; expires=Fri, 23-Jan-26 14:01:04 GMT; domain=.zenatix.com; HttpOnly; Secure; SameSite=None
Other Headers
13 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
9c27a6377ab55f12-IAD
Cross-Origin-Embedder-Policy-Report-Only
Other
unsafe-none; report-to='default'
Cross-Origin-Opener-Policy-Report-Only
Other
unsafe-none; report-to='default'
Date
Other
Fri, 23 Jan 2026 13:31:04 GMT
Link
Other
<https://zenatix.com/>; rel=shortlink
X-Content-Security-Policy
Other
default-src 'self'; img-src *; media-src * data:;
X-Gateway-Cache-Key
Other
0|mobile|https|zenatix.com|||/
X-Gateway-Cache-Status
Other
MISS
X-Gateway-Request-Id
Other
db971873499f91f7001cac4573594fcf
X-Gateway-Skip-Cache
Other
0
X-Permitted-Cross-Domain-Policies
Other
none
Recommendations
Enable compression (gzip/brotli) to improve performance