Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
default-src; object-src; frame-ancestors; +13 more
default-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; script-src 'self' content.pendo-tio.tenable.com app.pendo.io cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo.io challenges.cloudflare.com www.datadoghq-browser-agent.com cdn.ravenjs.com cdn.astronomer.io cdn.metarouter.io cdn.amplitude.com static.cloudflareinsights.com platform.cloud.coveo.com info.tenable.com app.getbeamer.com backend.getbeamer.com static.getbeamer.com 'sha256-hiLNVf8Wb4hkpMRvUiZXP0xD5krU++OYspwRDiFAwzg='; style-src 'self' app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com content.pendo-tio.tenable.com platform.cloud.coveo.com app.getbeamer.com 'unsafe-inline'; img-src 'self' app.pendo.io cdn.pendo.io content.pendo-tio.tenable.com pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo-tio.tenable.com data.pendo.io app.getbeamer.com data: blob:; font-src 'self' fonts.gstatic.com cdn.pendo.io data:; connect-src 'self' pendo-static-6670168804032512.storage.googleapis.com data: app.pendo.io data.pendo-tio.tenable.com content.pendo-tio.tenable.com data.pendo.io backend.getbeamer.com rum-http-intake.logs.datadoghq.com *.browser-intake-datadoghq.com e.metarouter.io api.amplitude.com api2.amplitude.com cdn.amplitude.com analytics.cloud.coveo.com tenable.com www.tenable.com api.tenable.com; child-src 'self' www.youtube.com s.ytimg.com; frame-src app.getbeamer.com app.pendo.io www.youtube.com s.ytimg.com challenges.cloudflare.com; worker-src 'self' blob:; report-to tenable-cloud-csp; block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-reports;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
origin,accept-encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=3600, must-revalidate, public
Etag
Caching
W/"2286fbf186ba80e1b2203992c1dbb9d0"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
12 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9b78fcf7cf07a5f2-IAD
Content-Security-Policy-Report-Only
Other
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=xspqU5rh8DdGc3H._Ncf.JWXCHxyT7ixIfdCHv4Cq4I-1767343609-1.0.1.1-LjUxsyDvSvEO1WE8dSnNe6S8EOF01H2v4dlvI2CWGzMA0P7tUEYL1maE3giEdNMFVtps9Y.fkcSZxKcY1309.cmi2hh5CTv5CZlIEvg65CIjr3C7e1SdaCO3gGONjtwNuF0MZ3ImF7NbStZ_W1e6zEqIiB6A90l.kprg3Ln5GMLD0h7g1M1GJYVcEWFga5Bd; report-to cf-csp-endpoint
Date
Other
Fri, 02 Jan 2026 08:46:49 GMT
Nel
Other
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=xspqU5rh8DdGc3H._Ncf.JWXCHxyT7ixIfdCHv4Cq4I-1767343609-1.0.1.1-LjUxsyDvSvEO1WE8dSnNe6S8EOF01H2v4dlvI2CWGzMA0P7tUEYL1maE3giEdNMFVtps9Y.fkcSZxKcY1309.cmi2hh5CTv5CZlIEvg65CIjr3C7e1SdaCO3gGONjtwNuF0MZ3ImF7NbStZ_W1e6zEqIiB6A90l.kprg3Ln5GMLD0h7g1M1GJYVcEWFga5Bd"}],"group":"cf-csp-endpoint","max_age":86400}
Reporting-Endpoints
Other
tenable-cloud-csp=/csp-reports
X-Cache-Status
Other
HIT
X-Download-Options
Other
noopen
X-Gateway-Site-Id
Other
service-nginx-router-us-east-1-prod-7f77646976-sm6bz
X-Request-Uuid
Other
7ef0636423709adf60ee96b6ec5917da
X-Robots-Tag
Other
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance