19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; script-src; connect-src; +7 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
4 headers
Cache-Control
Caching
public, max-age=300, s-maxage=300
Etag
Caching
W/"994ee4a8-569039"
Expires
Caching
Wed, 14 Jan 2026 13:57:22 GMT
Last-Modified
Caching
2026-01-14T13:36:36.308Z
Content Headers
1 header
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
1 header
Access-Control-Allow-Origin
CORS
https://disneyworld.disney.go.com
Cookies Headers
1 header
Set-Cookie
Cookies
bm_sz=760FACF3241316F4750F5139DEA95BA0~YAAQDmQwF0E69zqbAQAAM2THvB5AxNUQNLIrdq5cCTOOJhuFjCXSFZabwIQYlxXwJdCXYLo2DnqvdMahc7Y3I8NRBt2P+mhA1/pCyFLlcD8TwMgiIasQZOGjA3PLZJS+L6YhFgEnpl8XmAB0q6MrPB87kT4b3EVul4+jMQnXKlh1UaSJpP2d7V6PH9tXU9rd1vNQGnAOMX9hhX18BoaXzy4wnzGxTGIsSVjjNQ84moYPY4OXjTRBr4DVw0MZa0klmgBAsOrC1a8ianpzfzumavMrcAK9ccb3cf5yASCLfKSqUvkFxGBFifKbCj7fCYQy9vtz56EUw7skndp/SVkHX93wicS2WPSwaLk=~3617590~4535856; Domain=.go.com; Path=/; Expires=Wed, 14 Jan 2026 17:52:22 GMT; Max-Age=14400
Other Headers
9 headers
Akamai-Grn
Other
0.0e643017.1768398742.a5b4cd06
Alt-Svc
Other
h3=":443"; ma=93600
Date
Other
Wed, 14 Jan 2026 13:52:22 GMT
Server-Timing
Other
ak_p; desc="1768398742542_389047310_2780089606_32_10996_1_5_-";dur=1
X-Akamai-Transformed
Other
9 33738 0 pmb=mRUM,3
X-Disney-Akamai-Rule
Other
Default Rule
X-Disney-Internal-Affiliation
Other
standard
X-Disney-Internal-Html-Cache
Other
true
X-Disney-Internal-Preferred-Language
Other
en-us
Recommendations
- Enable compression (gzip/brotli) to improve performance