Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; img-src; media-src; +1 more
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.workato.com js.live.net graph.microsoft.com *.svc.ms *.1drv.com *.microsoftpersonalcontent.com *.engine.scorm.com *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets-v5.intellum.com cdn.exceedlms.com *.cookielaw.org *.onetrust.com *.cookiepro.com dn.cookielaw.org; img-src * data: blob:; media-src * blob: mediastream: data:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.workato.com js.live.net graph.microsoft.com *.svc.ms *.1drv.com *.microsoftpersonalcontent.com *.engine.scorm.com *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com dn.cookielaw.org;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
Accept-Encoding
Caching Headers
2 headers
Cache-Control
max-age=0, private, must-revalidate
Etag
W/"b0bf9e9a571243e40fdf4751ea3dd5b6"
Content Headers
1 headers
Content-Type
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
_base_session=6cb346063e0967f9cec8ee260520d085; path=/; expires=Mon, 16 Mar 2026 10:30:03 GMT; secure; HttpOnly; SameSite=None
Other Headers
5 headers
Date
Sat, 14 Feb 2026 00:00:57 GMT
Status
200 OK
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
32f1b9c7-4756-4c52-b61a-b2f8bb282dc1
Recommendations
Enable compression (gzip/brotli) to improve performance