coda.io | Analytics by SecurityHeaders

HTTP Headers report for coda.io

Header Name Header Data
HTTP status code 200
X-Amz-Cf-Id oK2qSk7VbENhyV-VWHZTm9T0goK-L8uJdvoGcQfIq0Rtyk6rLtnLFA==
X-Download-Options noopen
Cache-Control no-store, max-age=0
Link <https://cdn.coda.io>; rel=preconnect; crossorigin, <https://sanity-images.imgix.net>; rel=preconnect; crossorigin, <https://codaio.imgix.net>; rel=preconnect; crossorigin, <https://images.unsplash.com>; rel=preconnect; crossorigin
Set-Cookie show_cookie_banner=true; Secure; Path=/
Alt-Svc h3=":443"; ma=86400
Age 85402
X-Amz-Cf-Pop AMS1-P2
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies none
Content-Security-Policy base-uri 'none';child-src 'self' * blob:;connect-src 'self' https://cdn.coda.io wss://coda.io https://coda.io wss://*.intercom.io https://coda-us-west-2-prod-blobs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs.s3.us-west-2.amazonaws.com https://codahosted.io https://codacontent.io https://coda.io https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://sdk.iad-05.braze.com https://app.getsentry.com https://iframe.ly https://cdn.iframe.ly https://api.rollbar.com https://baconipsum.com https://api.trello.com https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/ccm/collect https://*.g.doubleclick.net https://*.google.com https://www.google.com/pagead/landing https://www.facebook.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://cdn.cookielaw.org https://*.onetrust.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://grsm.io https://partnerlinks.io https://pixel.pvd.to https://tracker.pixeltracker.co https://pixelconnector.pixeltracker.co https://login.microsoftonline.com https://graph.microsoft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.api.sanity.io https://*.apicdn.sanity.io https://statsig.coda.io https://statsigapi.net https://app.clearbit.com https://cdn.linkedin.oribi.io https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://api.sprig.com https://cdn.sprig.com https://pixels.spotify.com/v1/ingest https://api.cr-relay.com/ https://*.getkoala.com wss://*.getkoala.com ;default-src 'self' https://cdn.coda.io https://codacontent.io https://coda-us-west-2-prod-blobs.s3.us-west-2.amazonaws.com https://coda.io;font-src data: https://cdn.coda.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net;form-action 'self' https://api-iam.intercom.io https://intercom.help *.coda.io;frame-ancestors *.intercom-sheets.com teams.microsoft.com chrome-extension://ocjjmmnhefcaopncklmdodfglamkeign chrome-extension://pbdpddefpmdbfdgkaknnmimgjmjoefmj chrome-extension://cdgkmagmdldlpiglliebaajdpdkigcbi *.sanity.studio ;frame-src *;img-src * blob: data:;media-src 'self' https://cdn.coda.io https://js.intercomcdn.com https://cdn.sanity.io;object-src 'none';report-uri /csp-violation;script-src 'strict-dynamic' 'nonce-01b4fe7b04e849c1afe1c823aaf0d999' 'unsafe-inline' 'unsafe-eval' https: https://*.mutinycdn.com https://*.googletagmanager.com https://cdn.cr-relay.com/ https://*.getkoala.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com https://cdn.coda.io https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.mktoweb.com;worker-src 'self' blob:
Vary x-coda-custom-host,User-Agent,Accept-Encoding
X-Content-Type-Options nosniff
X-Xss-Protection 0
Referrer-Policy strict-origin-when-cross-origin
Permissions-Policy fullscreen=*, autoplay=(self), geolocation=*
Content-Type text/html; charset=utf-8
Connection keep-alive
Server CloudFront
Date Fri, 04 Apr 2025 20:35:52 GMT
Via 1.1 397f210a9eb9ec34ba3f1f814bc1a7a2.cloudfront.net (CloudFront)
X-Cache Hit from cloudfront
Feature-Policy fullscreen *; autoplay 'self'; geolocation *

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar