SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Unknown Certificate Authority - the server's certificate is not trusted
Open
Cached
·
just now
16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +7 more
default-src *.myidx.cloud 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; script-src *.myidx.cloud 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' unpkg.com *.webvideocore.net static.cloudflareinsights.com cdn.cookielaw.org *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net idxdpplayer.myidx.cloud privacyportal-eu-cdn.onetrust.com api.reciteme.com ajax.googleapis.com ajax.cloudflare.com connect.facebook.net player.vimeo.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk subscriptions.smartrecruiters.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.webvideocore.net privacyportal-eu-cdn.onetrust.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com idxdpplayer.myidx.cloud google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; connect-src *.myidx.cloud 'self' cdn.jsdelivr.net cdn.cookielaw.org ad.doubleclick.net www.google.com britecove-api.connectid.cloud stats.reciteme.com api.reciteme.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com irs.tools.investis.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com vimeo.com *.onetrust.com *.googleapis.com; form-action 'self'; font-src *.myidx.cloud 'self' 'unsafe-inline' data: api.reciteme.com debeers.a.bigcontent.io *.webvideocore.net idxdpplayer.myidx.cloud privacyportal-eu-cdn.onetrust.com fonts.googleapis.com viz.tools.investis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; frame-src *.myidx.cloud 'self' *.webvideocore.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net td.doubleclick.net 8962798.fls.doubleclick.net otp.tools.investis.com www.googletagmanager.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com www.youtube-nocookie.com *.vimeo.com subscriptions.smartrecruiters.com; img-src *.myidx.cloud 'self' 'unsafe-inline' www.google.com ad.doubleclick.net maps.googleapis.com www.googletagmanager.com maps.gstatic.com maps.google.com cdn.cookielaw.org cf-images.eu-west-1.prod.boltdns.net data: www.w3.org;; media-src *.myidx.cloud 'self' staticcontents.investis.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(),ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), gyroscope=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(self "https://www.youtube-nocookie.com"), publickey-credentials-get=(), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
1 headers
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
private
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
1 headers
Set-Cookie
Cookies
_cfuvid=7r7eXGRRsjzSd5Sr7UwT1HBOxbZYtkmRlFMyBaYeBjo-1766779153010-0.0.1.1-604800000; path=/; domain=.www.debeersgroup.com; HttpOnly; Secure; SameSite=None
Other Headers
3 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9b4328462d59b83d-IAD
Date
Other
Fri, 26 Dec 2025 19:59:13 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1694ms