HTTP Headers Analysis for https://compassi.anthem.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

Open Cached · just now

19 Headers

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Etag

Caching

"693be58b-1467"

Last-Modified

Caching

Fri, 12 Dec 2025 09:51:07 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx/1.29.4

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

incap_ses_1700_3139938=S6lLTSCihE6TAUlTmp2XFym0V2kAAAAAxCxg9zv93PSp6DmQWl30dg==; path=/; Domain=.standard.com; Secure; SameSite=None

Other Headers

8 headers

Content-Security-Policy-Report-Only

Other

default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report

Date

Other

Fri, 02 Jan 2026 12:03:54 GMT

Via

Other

kong/3.7.1.1-enterprise-edition

X-Cdn

Other

Imperva

X-Iinfo

Other

57-95682879-95682882 NNNN CT(67 73 0) RT(1767355434276 7) q(0 0 1 0) r(2 2) U24

X-Kong-Proxy-Latency

Other

X-Kong-Request-Id

Other

9bd39a638c4b004b2fea561bc368d90b

X-Kong-Upstream-Latency

Other

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching