Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
default-src; object-src; frame-ancestors; +13 more
default-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; script-src 'self' content.pendo-tio.tenable.com app.pendo.io cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo.io challenges.cloudflare.com www.datadoghq-browser-agent.com cdn.ravenjs.com cdn.astronomer.io cdn.metarouter.io cdn.amplitude.com static.cloudflareinsights.com platform.cloud.coveo.com info.tenable.com app.getbeamer.com backend.getbeamer.com static.getbeamer.com 'sha256-hiLNVf8Wb4hkpMRvUiZXP0xD5krU++OYspwRDiFAwzg='; style-src 'self' app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com content.pendo-tio.tenable.com platform.cloud.coveo.com app.getbeamer.com 'unsafe-inline'; img-src 'self' app.pendo.io cdn.pendo.io content.pendo-tio.tenable.com pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo-tio.tenable.com data.pendo.io app.getbeamer.com data: blob:; font-src 'self' fonts.gstatic.com cdn.pendo.io data:; connect-src 'self' pendo-static-6670168804032512.storage.googleapis.com data: app.pendo.io data.pendo-tio.tenable.com content.pendo-tio.tenable.com data.pendo.io backend.getbeamer.com rum-http-intake.logs.datadoghq.com *.browser-intake-datadoghq.com e.metarouter.io api.amplitude.com api2.amplitude.com cdn.amplitude.com analytics.cloud.coveo.com tenable.com www.tenable.com api.tenable.com; child-src 'self' www.youtube.com s.ytimg.com; frame-src app.getbeamer.com app.pendo.io www.youtube.com s.ytimg.com challenges.cloudflare.com; worker-src 'self' blob:; report-to tenable-cloud-csp; block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-reports;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
origin,accept-encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=3600, must-revalidate, public
Etag
Caching
W/"a10039983db3149693ba95fa5e364c85"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bafb3e76de0b4a5-IAD
Date
Other
Fri, 09 Jan 2026 00:08:53 GMT
Nel
Other
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XicbqtkgQLhPEuoe5F6vjrG9jSrGChtvyWgqZy%2FXmcleeBIotbHRR5zthdDBWRUYHs5C7kfbYhTcfDkVljK1Ins5FT2wLBUwnDU0aA5ncHN2099ZhG63l79fegItr941TlSD"}],"group":"cf-nel","max_age":604800}
Reporting-Endpoints
Other
tenable-cloud-csp=/csp-reports
X-Cache-Status
Other
HIT
X-Download-Options
Other
noopen
X-Gateway-Site-Id
Other
service-nginx-router-us-east-1-prod-7f77646976-cxwk4
X-Request-Uuid
Other
a220139e00bdf13f82599f52cdd38489
X-Robots-Tag
Other
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance