HTTP Headers Analysis for https://dev-labs.optum.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

Open Cached · just now

18 Headers

Detected Technologies from Headers

See all in URL Inspect 7

Google DoubleClick

Google reCAPTCHA Qualtrics

Salesforce Sites Simplecast

The Trade Desk

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300; includeSubdomains; preload

Content-Security-Policy

Weak

frame-ancestors; frame-src; upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Vary

Performance

Accept-Encoding

accept-ranges: bytes
vary: Accept-Encoding

Caching Headers

Age

Caching

Cache-Control

Caching

max-age=60,s-maxage=600,stale-while-revalidate=43200,stale-if-error=43200, public

Etag

Caching

"15835-64b393527e350"

Expires

Caching

Fri, 20 Feb 2026 06:04:09 GMT

Last-Modified

Caching

Fri, 20 Feb 2026 03:42:17 GMT

age: 0
cache-control: max-age=60,s-maxage=600,stale-while-revalidate=43200,stale-if-error=43200, public
etag: "15835-64b393527e350"
expires: Fri, 20 Feb 2026 06:04:09 GMT
last-modified: Fri, 20 Feb 2026 03:42:17 GMT

Content Headers

Content-Length

Content

88117

Content-Type

Content

text/html;charset=utf-8

content-length: 88117
content-type: text/html;charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

set-cookie: affinity="9782c8550e4e9544"; Path=/; HttpOnly; secure

Other Headers

Date

Other

Fri, 20 Feb 2026 05:59:09 GMT

X-Cache

Other

MISS

X-Served-By

Other

cache-lga21989-LGA, cache-lga21962-LGA

X-Timer

Other

S1771567149.330972,VS0,VS0,VE94

X-Vhost

Other

labs-publish

date: Fri, 20 Feb 2026 05:59:09 GMT
x-cache: MISS
x-served-by: cache-lga21989-LGA, cache-lga21962-LGA
x-timer: S1771567149.330972,VS0,VS0,VE94
x-vhost: labs-publish

Recommendations

Enable compression (gzip/brotli) to improve performance