Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +12 more
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://support.apperio.com data:; font-src 'self' https://fonts.gstatic.com; object-src 'self'; connect-src 'self' https://apperio-files-ieprod.s3.amazonaws.com https://ekr.zdassets.com https://apperio.zendesk.com https://sentry.io https://o38950.ingest.sentry.io https://*.browser-intake-datadoghq.eu https://rum-http-intake.logs.datadoghq.eu https://browser-intake-datadoghq.eu https://apperio.thoughtspot.cloud; worker-src blob:; frame-src 'self' https://apperio.thoughtspot.cloud; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://sentry.io/api/287494/security/?sentry_key=429bd63d8b8d41b0aab8c72d2a6811d9;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Cookie
Caching Headers
1 headers
Cache-Control
Caching
no-cache, no-store
Content Headers
2 headers
Content-Length
Content
9159
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
session_expiry=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
Other Headers
6 headers
Date
Other
Sat, 17 Jan 2026 18:01:57 GMT
Feature-Policy
Other
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none';
Via
Other
1.1 68fbda872a4e92e0774a97bdd960d43a.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
9ZKLXZyKeoDOCoLwxN9uPLhhcj7wgVQEfNJ1IAu2hXhrRIcq5o5D-A==
X-Amz-Cf-Pop
Other
IAD55-P1
X-Cache
Other
Miss from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance