HTTP Headers Analysis for https://dev.re-leased.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +6 more

default-src 'self' blob: *.webspellchecker.net *.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.re-leased.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com browser-update.org *.vo.msecnd.net *.azurefd.net *.webspellchecker.net *.raygun.io *.ggpht.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5738132835926016.storage.googleapis.com data.pendo.io assets.calendly.com *.announcekit.app announcekit.co static.zdassets.com re-leasedsupport.zendesk.com js.monitor.azure.com static.asknice.ly cdn.asknice.ly released.asknice.ly; style-src 'self' 'unsafe-inline' *.re-leased.com *.googleapis.com *.vo.msecnd.net *.azurefd.net *.bootstrapcdn.com *.ggpht.com svc.webspellchecker.net app.pendo.io cdn.pendo.io pendo-static-5738132835926016.storage.googleapis.com *.announcekit.app static.asknice.ly cdn.asknice.ly released.asknice.ly; img-src 'self' *.re-leased.com data: *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.vo.msecnd.net *.azurefd.net *.webspellchecker.net *.ggpht.com cdn.pendo.io app.pendo.io pendo-static-5738132835926016.storage.googleapis.com data.pendo.io re-leased-help.zendesk.com re-leasedsupport.zendesk.com static.asknice.ly cdn.asknice.ly released.asknice.ly; font-src 'self' data: *.gstatic.com *.vo.msecnd.net *.azurefd.net *.bootstrapcdn.com svc.webspellchecker.net *.re-leased.com; connect-src 'self' *.googleapis.com *.google-analytics.com *.raygun.io *.services.visualstudio.com svc.webspellchecker.net app.pendo.io data.pendo.io pendo-static-5738132835926016.storage.googleapis.com static.asknice.ly cdn.asknice.ly released.asknice.ly app-released-prodglobal-prizmdocviewer-apac.azurewebsites.net app-released-prodglobal-prizmdocviewer-us.azurewebsites.net app-released-prodglobal-prizmdocviewer-uk.azurewebsites.net wss: *.re-leased.com *.service.signalr.net *.zdassets.com re-leased-help.zendesk.com https://id.zopim.com vm-prodglobal-docker-apac-00.australiaeast.cloudapp.azure.com *.monitor.azure.com *.applicationinsights.azure.com *.azurefd.net; frame-ancestors 'self' app.pendo.io; child-src 'self' app.pendo.io static.asknice.ly cdn.asknice.ly released.asknice.ly *.youtube.com *.figma.com calendly.com announcekit.co https://analytics.crediaexecutive.com https://insights.re-leased.com; frame-src 'self' blob: *.re-leased.com app.pendo.io static.asknice.ly cdn.asknice.ly released.asknice.ly *.youtube.com *.figma.com calendly.com announcekit.co https://analytics.crediaexecutive.com https://insights.re-leased.com re-leased.sbx.keylight.com

X-Frame-Options

Good

SameOrigin

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(), gyroscope=(), magnetometer=(), midi=(), payment=(), usb=(), serial=(), hid=(), bluetooth=(), xr-spatial-tracking=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

10262

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

3 headers

Access-Control-Allow-Origin

Cors

https://dev.re-leased.com

Access-Control-Expose-Headers

Cors

Request-Context

Access-Control-Max-Age

Cors

1800

Cookies Headers

1 headers

Set-Cookie

Cookies

__RequestVerificationToken=8SfZL9TzFqAaib0fxs35GqdQwBHMt-25y_VmG87mEWI4SPJk0UDeGAXnIYomqRDjaGEmORV5AJI60oL3LlqEy9SAvQmxa5HahQPkd4wvUjOeXpR6MgOHdU1VtNI-1bon2ptZzjyJayLLTSI3VgMheQ2; path=/; secure; HttpOnly