HTTP Headers Analysis for https://dev2.app.gaviti.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; block-all-mixed-content; frame-ancestors; +14 more

upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; default-src https://cdn.plaid.com/; script-src 'self' 'sha256-3bzWVxQE32IZQKH9eh8KzyHuhXOlMrboDVVBRd0fWTU=' 'report-sample' 'unsafe-eval' gaviti.com *.gaviti.com https://challenges.cloudflare.com https://cdn.plaid.com/link/v2/stable/link-initialize.js google.com *.google.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com gstatic.cn *.gstatic.cn googleoptimize.com *.googleoptimize.com clarity.ms *.clarity.ms https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.stripe.com; style-src 'self' 'report-sample' 'unsafe-inline' gaviti.com *.gaviti.com optimize.google.com *.googleapis.com; object-src 'none'; frame-src 'self' gaviti.com *.gaviti.com https://*.stripe.com https://challenges.cloudflare.com https://cdn.plaid.com/ optimize.google.com https:; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net blob:; img-src https: data: blob:; font-src 'self' gaviti.com *.gaviti.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com data:; connect-src 'self' gaviti.com *.gaviti.com https://stage.api.gaviti.com wss://stage.api.gaviti.com https://us.api.gaviti.com wss://us.api.gaviti.com https://api.gaviti.com wss://api.gaviti.com https://*.stripe.com clarity.ms *.clarity.ms googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://production.plaid.com/ wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.sentry.io https://*.ingest.sentry.io data: blob:; manifest-src 'self'; base-uri 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src 'self' https://js.intercomcdn.com; worker-src 'self' blob: data:;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

fullscreen=self, geolocation=self, camera=self, microphone=self, gyroscope=(), payment=(), autoplay=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

x-fh-requested-host, accept-encoding

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Etag

Caching

"144e45a4ddf84eaf93eb96a7f977bf10d97cf9d843246084ab5dc945f6493101"

Last-Modified

Caching

Wed, 21 Jan 2026 12:42:47 GMT

Content Headers

2 headers

Content-Length

Content

1223

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Wed, 28 Jan 2026 01:30:40 GMT

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Robots-Tag

Other

noindex

X-Served-By

Other

cache-iad-kiad7000166-IAD

X-Timer

Other

S1769563841.869405,VS0,VE121

Recommendations

Enable compression (gzip/brotli) to improve performance