Security Analysis Results

Content-Type

GET, POST, OPTIONS

*

h3=":443"; ma=86400

public, max-age=0, must-revalidate

max-age=300

home

9606d6fa8b18133f-MRS

28b824ac5b0000890d8aed0400000001

max-age=300

br

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.googletagmanager.com https://plausible.io https://cdn.posthog.com https://assets.unicorn.studio; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: blob:; media-src 'self' https:; connect-src 'self' https://api.youthperformance.com https://supabase.co https://*.supabase.co https://app.posthog.com https://*.sentry.io https://assets.unicorn.studio https://storage.unicorn.studio https://cdn.unicorn.studio wss://*.supabase.co; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://unicorn.studio; object-src 'none'; base-uri 'self';

text/html; charset=utf-8

Thu, 17 Jul 2025 04:01:44 GMT

W/"d69977ffdd6979f99e9439d65236a1c5"

<https://fonts.gstatic.com/s/bebasneu/v14/JTUSjIg69CK48gW7PXooxW5rygbi49c.woff2>; rel=preload; as=font; type=font/woff2; crossorigin, </_astro/react-vendor.*.js>; rel=modulepreload, <https://fonts.googleapis.com>; rel=preconnect, <https://fonts.gstatic.com>; rel=preconnect; crossorigin, <https://storage.googleapis.com>; rel=preconnect

{"report_to":"default","max_age":604800,"include_subdomains":true}

camera=(), microphone=(), geolocation=(), payment=()

strict-origin-when-cross-origin

{"group":"default","max_age":604800,"endpoints":[{"url":"https://youthperformance.report-uri.com/a/d/g"}],"include_subdomains":true}

cloudflare

cfL4;desc="?proto=TCP&rtt=0&min_rtt=0&rtt_var=0&sent=0&recv=0&lost=0&retrans=0&sent_bytes=0&recv_bytes=0&delivery_rate=0&cwnd=0&unsent_bytes=0&cid=d052bfa04735ae0b&ts=657&x=0" cfReqDur;dur=1882.215

Accept-Encoding

nosniff

DENY

1; mode=block