Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
style-src; script-src; frame-src; +4 more
style-src *.vixverify.com ndapi-us-east-1.ndsprod.nudatasecurity.com *.edentiti.com fast.fonts.net f.fontdeck.com *.googleapis.com ajax.aspnetcdn.com hello.myfonts.net 'unsafe-inline' 'self'; script-src http://metrics.mastercard.com https://smetrics.mastercard.com https://cdn.cookielaw.org/ https://assets.adobedtm.com/ *.edentiti.com *.vixverify.com *.tt.omtrdc.net *.salesforceliveagent.com assets.adobedtm.com *.googleapis.com app.ehoundplatform.com maps.googleapis.com tinymce.cachefly.net ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com static.ads-twitter.com analytics.twitter.com script.crazyegg.com *.kampyle.com www.adobetag.com ajax.aspnetcdn.com api-mastercard-mpms.nd.nudatasecurity.com cdn.walkme.com ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; img-src ndapi-us-east-1.ndsprod.nudatasecurity.com *.edentiti.com *.vixverify.com *.force.com *.googleapis.com *.gstatic.com www.google-analytics.com www.google.com www.google.com.au *.doubleclick.net bat.bing.com www.facebook.com bat.r.msn.com t.co *.kampyle.com 'self' data:; font-src *.edentiti.com f.fontdeck.com fonts.gstatic.com ndapi-us-east-1.ndsprod.nudatasecurity.com 'self'; default-src google.com *.google.com http://metrics.mastercard.com https://smetrics.mastercard.com https://cdn.cookielaw.org/ https://assets.adobedtm.com/ *.edentiti.com *.vixverify.com ndapi-us-east-1.ndsprod.nudatasecurity.com 'self'; frame-ancestors 'none';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
1 header
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
no-cache, no-store, must-revalidate
Expires
Caching
-1
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
127329
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
TS01dc9083=01772feb4bd36e4ebfa6e6301a7770d27beca49028fa116512436eb1725be0145b8d12ee347485d72594580a0c016a39ab51a4fe9b653a1eaa2f9aff18a893c1f16818e165aaa846683d4b17441b8bc69a0b6bb1cf; Path=/; Secure; HttpOnly;
Other Headers
2 headers
Date
Other
Thu, 20 Nov 2025 15:45:44 GMT
X-Miniprofiler-Ids
Other
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1498ms