SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for even.in, www.even.in, api.even.in, myteam.even.in, opd.even.in, not for 64.172.117.34.bc.googleusercontent.com
Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; manifest-src; script-src; +8 more
default-src 'self'; manifest-src 'self' *.google.com; script-src 'self' 'unsafe-inline' https://cdn.even.in *.clarity.ms clarity.ms *.clevertap.com *.clevertap-prod.com *.doubleclick.net *.googleadservices.com www.google-analytics.com www.googletagmanager.com connect.facebook.net d2r1yp2w7bby2u.cloudfront.net wzrkt.com checkout.razorpay.com *.evenhealthcare.com app.digio.in *.hotjar.io *.hotjar.com *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' *.googleapis.com *.gstatic.com data:; media-src 'self' *.even.in even.in *.googleapis.com *.gstatic.com *.google.com data: blob:; img-src 'self' *.even.in even.in *.googleapis.com *.doubleclick.net *.googleadservices.com convert-server-staging-c74eqnmcqa-el.a.run.app www.facebook.com *.gstatic.com *.google.com data: blob: *.google.co.in *.stream-io-cdn.com *.googletagmanager.com; frame-src 'self' *.even.in even.in *.googleapis.com *.evenhealthcare.com evenhealthcare.com app.digio.in *.doubleclick.net *.googletagmanager.com *.google.com api.razorpay.com data: blob:; connect-src 'self' *.even.in even.in *.googleapis.com *.clarity.ms clarity.ms *.clevertap.com *.clevertap-prod.com *.gstatic.com google.com *.google.co.in o785291.ingest.sentry.io lumberjack.razorpay.com www.google-analytics.com www.googletagmanager.com *.google.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net; worker-src 'self' blob:; frame-ancestors 'self' evenhealthcare.com *.evenhealthcare.com even.in *.even.in *.google.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Last-Modified
Caching
Fri, 05 Dec 2025 04:28:23 GMT
Content Headers
2 headers
Content-Length
Content
1735927
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Google Frontend
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
4 headers
Alt-Svc
Other
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Date
Other
Sun, 07 Dec 2025 23:11:39 GMT
Via
Other
1.1 google
X-Cloud-Trace-Context
Other
875226e41e8c6d264cf8a5e4dd4b87bf;o=1
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching
Analysis completed in 2003ms