SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for www.central1.com, not for central1.com
Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=72000
Content-Security-Policy
Basic
frame-src; connect-src; font-src; +4 more
frame-src 'self' embed.fillout.com web.cvent.com *.statuspage.io/ *.youtube.com *.twitter.com www2.central1.com central1marketing.formstack.com; connect-src 'self' stats.g.doubleclick.net *.clarity.ms *.hotjar.com *.hotjar.io *.googletagmanager.com *.google-analytics.com *.youtube.com *.twitter.com *.google.com; font-src 'self' static.formstack.com fonts.gstatic.com *.typekit.net data:; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' server.fillout.com *.clarity.ms tagmanager.google.com pi.pardot.com www2.central1.com maps.googleapis.com maps.google.com *.smartrecruiters.com cdn.syndication.twimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com central1marketing.formstack.com static.formstack.com ajax.googleapis.com; style-src 'self' tagmanager.google.com *.typekit.net *.twitter.com *.twimg.com static.formstack.com fonts.googleapis.com *.smartrecruiters.com 'unsafe-inline'; img-src 'self' *.clarity.ms *.bing.com *.central1.com www.googletagmanager.com www.google.com www.google.ca ssl.gstatic.com www.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net data: *.google-analytics.com *.twimg.com *.twitter.com secure.gravatar.com ps.w.org; default-src 'self'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding,Cookie
Caching Headers
5 headers
Cache-Control
Caching
max-age=5957, public, public
Etag
Caching
"1066a-649fbf7b77fde"
Expires
Caching
Wed, 04 Feb 2026 11:13:21 GMT
Last-Modified
Caching
Wed, 04 Feb 2026 09:13:21 GMT
Pragma
Caching
public
Content Headers
2 headers
Content-Length
Content
67178
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
Apache
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
1 headers
Date
Other
Wed, 04 Feb 2026 09:34:04 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance