HTTP Headers Analysis for https://app.securegive.com

Detected Technologies from Headers

See all in URL Inspect 10

Apple Pay

AWS

Google Search

Google Static File Front End

Google Tag Manager

jsDelivr

Localize.js

New Relic

Stytch

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

upgrade-insecure-requests; object-src; script-src; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

display-capture=(), usb=(), geolocation=*; +3 more

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache

Etag

Caching

W/"69aa24e1-823"

Expires

Caching

Thu, 01 Jan 1970 00:00:01 GMT

Last-Modified

Caching

Fri, 06 Mar 2026 00:50:41 GMT

cache-control: no-cache
etag: W/"69aa24e1-823"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Fri, 06 Mar 2026 00:50:41 GMT

Content Headers

Content-Type

Content

text/html

content-type: text/html

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Tue, 05 May 2026 05:25:30 GMT

Reporting-Endpoints

Other

csp-endpoint=https://report.centralcsp.com/68dc2d7bb4eb0dfdf89d534c

date: Tue, 05 May 2026 05:25:30 GMT
reporting-endpoints: csp-endpoint=https://report.centralcsp.com/68dc2d7bb4eb0dfdf89d534c

Recommendations

Enable compression (gzip/brotli) to improve performance