HTTP Headers Analysis for https://ausa.org

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; child-src; +12 more

upgrade-insecure-requests; default-src 'self' 'unsafe-inline' https://c.disquscdn.com https://disqus.com/ https://78e90748.flowpaper.com/; child-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://*.partnerbookingkit.com/ https://cdn.ingo.me; connect-src 'self' http://sentry.utdev.com/ https://links.services.disqus.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://polo.feathr.co/ https://bam.nr-data.net/ https://www.googletagmanager.com/ https://*.partnerbookingkit.com/ https://submit.jotform.com/ https://ausa.careerwebsite.com/ https://cdn.ingo.me https://app.ingo.me https://78e90748.flowpaper.com/ https://px.ads.linkedin.com/wa/ https://analytics.google.com https://js.arcgis.com/ https://l.sharethis.com/ https://ausa.my.site.com/ https://www.google.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://www.facebook.com/; font-src 'self' https:; frame-src 'self' https://ausa-a.akamaihd.net/ https://submit.jotform.com/ https://*.jotform.com/ https://www.youtube.com/ https://disqus.com/ https://www.facebook.com/ https://www.podbean.com/ https://info.ausa.org/ https://www.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://*.google.com/ https://submit.jotform.us/ https://www.arcgis.com/ https://cdn.ingo.me https://11098073.fls.doubleclick.net https://static.addtoany.com/ https://78e90748.flowpaper.com/ARMYOct2021GreenBook/ https://www.dvidshub.net https://player.vimeo.com/ https://glac-ausa.forms-db.com/ https://bid.g.doubleclick.net/ https://fast.wistia.net/ https://www.dvidshub.net/ https://newassets.hcaptcha.com/ https://platform.twitter.com/ https://*.flowpaper.com https://ausa.force.com/ https://td.doubleclick.net/ https://my.matterport.com/ https://video.ibm.com/ https://ausa-org-hub.maps.arcgis.com/ https://ausa.my.site.com/ https://www.googletagmanager.com/; img-src 'self' https: data:; media-src 'self' https:; object-src 'self'; script-src 'self' 'unsafe-eval' https://form.jotform.com/* https://form.jotform.com/ https://code.jquery.com/ https://secure.polldaddy.com/ https://www.googletagmanager.com/ https://cdn.jotfor.ms/ https://www.google-analytics.com/ https://snap.licdn.com/ https://*.partnerbookingkit.com/ https://jotform.com/ https://*.jotform.com/ https://ausaorg.disqus.com https://*.disquscdn.com https://disqus.com https://c.disquscdn.com https://g.adspeed.net https://cdn.ingo.me https://js-agent.newrelic.com https://connect.facebook.net https://secure.quantserve.com https://www.vbt.io https://cdn.feathr.co https://a.smtrk.net/ https://polo.feathr.co https://78e90748.flowpaper.com/ https://preprod-ausa.utstaging.com addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://unpkg.com https://use.fontawesome.com mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://tagmanager.google.com https://cdn.jotfor.ms/ https://*.partnerbookingkit.com/ https://cdn.ingo.me https://78e90748.flowpaper.com/ addtocalendar.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-elem * 'unsafe-inline'; worker-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://www.googletagmanager.com/ https://cdn.ingo.me; frame-ancestors 'self'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, Cookie, Cookie, Cookie

Caching Headers

5 headers

Age

Caching

1086

Cache-Control

Caching

max-age=43200, public

Etag

Caching

W/"1767067577"

Expires

Caching

Sun, 19 Nov 1978 05:00:00 GMT

Last-Modified

Caching

Tue, 30 Dec 2025 04:06:17 GMT

Content Headers

3 headers

Content-Language

Content

en

Content-Length

Content

188746

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

12 headers

Date

Other

Tue, 30 Dec 2025 04:24:23 GMT

Via

Other

1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish

X-Cache

Other

HIT, MISS, MISS, MISS

X-Cache-Hits

Other

3, 0, 0, 0

X-Drupal-Cache

Other

MISS

X-Drupal-Dynamic-Cache

Other

UNCACHEABLE

X-Generator

Other

Drupal 9 (https://www.drupal.org)

X-Pantheon-Styx-Hostname

Other

styx-fe1-a-67747dcd96-lnlqm

X-Served-By

Other

cache-chi-kigq8000118-CHI, cache-pdk-katl1840044-PDK, cache-pdk-kfty8610043-PDK, cache-pdk-kfty8610043-PDK

X-Styx-Req-Id

Other

e3c60f04-e534-11f0-98e7-721edab6bcd4

X-Timer

Other

S1767068663.068232,VS0,VE51

X-Ua-Compatible

Other

IE=edge

Recommendations

Enable compression (gzip/brotli) to improve performance