Open
Cached
·
just now
14
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000
Content-Security-Policy
Good
default-src; script-src; style-src; +10 more
default-src 'self';script-src 'self' cdnjs.cloudflare.com https://cdn.syncfusion.com js.monitor.azure.com ajax.aspnetcdn.com *.msecnd.net www.datadoghq-browser-agent.com *.stripe.com 'unsafe-inline';style-src 'self' cdnjs.cloudflare.com cdn.syncfusion.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline';connect-src 'self' dc.services.visualstudio.com *.applicationinsights.azure.com *.js.monitor.azure.com https://fhir-ehr.sandboxcerner.com https://authorization.sandboxcerner.com https://*.service.signalr.net wss://*.service.signalr.net https://cdn.syncfusion.com https://fhir-ehr.cerner.com https://authorization.cerner.com https://launch.smarthealthit.org logs.browser-intake-datadoghq.com https://npiregistry.cms.hhs.gov rum.browser-intake-datadoghq.com https://cdnjs.cloudflare.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' data: *.intellicure.com *.blob.core.windows.net i.vimeocdn.com;media-src 'none';object-src 'self' https://iehrtrainingproduction.blob.core.windows.net;frame-ancestors 'self' *.epic.com;frame-src 'self' *.youtube.com *.vimeo.com *.blob.core.windows.net *.stripe.com *.drfirst.com;worker-src 'self' blob:;base-uri 'self';report-uri https://intellicure7.report-uri.com/r/d/csp/reportOnly
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
3 headers
Cache-Control
Caching
no-cache,no-store
Expires
Caching
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
.AspNetCore.Antiforgery.WYyhwYVAbOA=CfDJ8Aao8epBmhFPvcRN7zEfrSqaDYKTZlIZbmewShzljd710zR1PvO9iRD56j2SabISL5B0UsQWZ7_XUqAgL6p1P6UPpxA-frHC6-oDOXOl2rXT_9dQBpzIh99GI08b9lDGYhGKqa_jyRh2wlE06R-XqQ8; path=/; secure; samesite=strict; httponly
Other Headers
3 headers
Date
Other
Sat, 27 Dec 2025 11:44:29 GMT
Public-Key-Pins-Report-Only
Other
pin-sha256="nrmpk4ZI3wbRBmUZIT5aKAgP0LlKHRgfA2Snjzeg9iY=";max-age=2592000; report-uri="/hpkp-report"
Request-Context
Other
appId=cid-v1:d7a969ea-52f5-4615-9b1e-5f0fbc185ffd
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 530ms