Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Weak
max-age=0; includeSubDomains
Content-Security-Policy
Good
script-src; script-src-elem; default-src; +5 more
script-src 'self' 'unsafe-inline' blob: https://*.google-analytics.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://apis.google.com https://cdn.heapanalytics.com https://cdn.plaid.com https://chat.onmaven.app https://heapanalytics.com https://js.stripe.com https://stonly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' blob: https://*.google-analytics.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://apis.google.com https://cdn.heapanalytics.com https://cdn.plaid.com https://chat.onmaven.app https://heapanalytics.com https://js.stripe.com https://stonly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; default-src 'self' 'unsafe-inline' blob: data: https://*.google-analytics.com https://*.googleapis.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://cdn.plaid.com https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://us-central1-scratch-borrower-portal.cloudfunctions.net https://o69629.ingest.sentry.io; object-src 'none'; worker-src 'self' blob:; manifest-src 'self'; report-to csp-endpoint; report-uri https://o69629.ingest.us.sentry.io/api/1530307/security/?sentry_key=ebd8037fcabf4aa79e6654e4d0184453&sentry_environment=production
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
no-store
Last-Modified
Caching
Tue, 16 Dec 2025 23:21:42 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bed4f3d6887c944-IAD
Date
Other
Fri, 16 Jan 2026 11:35:27 GMT
Report-To
Other
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "https://o69629.ingest.us.sentry.io/api/1530307/security/?sentry_key=ebd8037fcabf4aa79e6654e4d0184453" } ] }
X-Permitted-Cross-Domain-Policies
Other
master-only
Recommendations
Enable compression (gzip/brotli) to improve performance