HTTP Headers Analysis for https://login.ivans.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +10 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://view.ceros.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://munchkin.marketo.net https://js.driftt.com https://*.driftt.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://edge.api.brightcove.com https://cms.api.brightcove.com https://playback.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://d1igp3oop3iho5.cloudfront.net https://connect.facebook.net https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://okt.to https://static.cloudflareinsights.com https://*.facebook.com https://*.fbcdn.net https://ajax.googleapis.com https://*.googleapis.com https://assets.ceros.com https://*.ceros.com https://cdn.rollbar.com https://cdn.intake-lr.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://*.googleadservices.com https://web-sdk.smartlook.com https://www.clickcease.com https://insight.appliedsystems.com https://templates.marketo.net https://creative-services.ceros.com https://s.adroll.com https://reg.eventmobi.com https://www.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://cdnjs.cloudflare.com https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://scdn.snapapp.com https://dyv6f9ner1ir9.cloudfront.net https://platform.twitter.com https://scripts.poll-maker.com https://cdn.cookielaw.org https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com https://cdn.siteimprove.net https://*.clarity.ms https://mountain.com https://*.mountain.com https://static.airtable.com https://*.airtable.com https://assets.adoberesources.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://*.google.com https://view.ceros.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://munchkin.marketo.net https://js.driftt.com https://*.driftt.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://edge.api.brightcove.com https://cms.api.brightcove.com https://playback.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://d1igp3oop3iho5.cloudfront.net https://connect.facebook.net https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://okt.to https://static.cloudflareinsights.com https://*.facebook.com https://*.fbcdn.net https://ajax.googleapis.com https://*.googleapis.com https://assets.ceros.com https://*.ceros.com https://cdn.rollbar.com https://cdn.intake-lr.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://*.googleadservices.com https://web-sdk.smartlook.com https://www.clickcease.com https://insight.appliedsystems.com https://templates.marketo.net https://creative-services.ceros.com https://s.adroll.com https://reg.eventmobi.com https://www.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://cdnjs.cloudflare.com https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://scdn.snapapp.com https://dyv6f9ner1ir9.cloudfront.net https://platform.twitter.com https://scripts.poll-maker.com https://cdn.cookielaw.org https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com https://cdn.siteimprove.net https://*.clarity.ms https://mountain.com https://*.mountain.com https://static.airtable.com https://*.airtable.com https://assets.adoberesources.net; style-src 'self' 'unsafe-inline' https://view.ceros.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcove.com https://*.brightcove.net https://*.brightcovecdn.com https://use.typekit.net https://p.typekit.net https://assets.ceros.com https://*.ceros.com https://d2yeu2mwujl2s5.cloudfront.net https://insight.appliedsystems.com https://templates.marketo.net https://www.appliednet.com https://resources.ezlynx.com https://web-sdk-eu.aptrinsic.com; font-src 'self' data: https://view.ceros.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://form.jotform.com https://*.jotform.com https://vwo.com https://*.vwo.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcove.com https://*.brightcove.net https://*.brightcovecdn.com https://use.typekit.net https://p.typekit.net https://media-s3-us-east-1.ceros.com https://*.appliedsystems.com https://www.appliednet.com https://resources.ezlynx.com https://dhm5hy2vn8l0l.cloudfront.net; img-src 'self' data: https: https://view.ceros.com https://www.googletagmanager.com https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.brightcovecdn.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://okt.to https://www.appliednet.com https://resources.ezlynx.com https://mountain.com https://*.mountain.com; frame-src 'self' https://*.outgrow.us https://view.ceros.com https://www.googletagmanager.com https://www.google.com https://maps.google.com https://*.google.com https://form.asana.com https://*.asana.com https://airtable.com https://*.airtable.com https://td.doubleclick.net https://app-abk.marketo.com https://*.marketo.com https://*.ivans.com https://players.brightcove.net https://*.brightcove.com https://*.g2.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://cdn-cookieyes.com https://*.cookieyes.com https://static.oktopost.com https://*.oktopost.com https://js.idio.co https://*.idio.co https://*.brightcovecdn.com https://forms2.itswebs.com https://resources.ezlynx.com https://mountain.com https://*.mountain.com; connect-src 'self' https://www.googletagmanager.com https://app-abk.marketo.com https://*.marketo.com https://*.mktoutil.com https://*.ivans.com https://www.google.com https://google.com https://analytics.google.com https://dev.visualwebsiteoptimizer.com https://stats.g.doubleclick.net https://players.brightcove.net https://*.brightcove.com https://*.brightcove.net https://form.jotform.com https://*.jotform.com https://*.buzzsprout.com https://vwo.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://js.driftt.com https://*.driftt.com https://metrics.api.drift.com https://cdn-cookieyes.com https://*.cookieyes.com https://vjs.zencdn.net https://*.zencdn.net https://*.boltdns.net http://*.boltdns.net https://snap.licdn.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://*.bing.com https://static.oktopost.com https://*.oktopost.com https://tracking.g2crowd.com https://*.g2crowd.com https://js.idio.co https://*.idio.co https://cdn.bizible.com https://*.bizible.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://web-sdk.smartlook.com https://*.smartlook.com https://*.smartlook.cloud https://manager.eu.smartlook.cloud https://edge.api.brightcove.com https://cms.api.brightcove.com https://playbook.api.brightcove.com https://analytics.api.brightcove.com https://sadmin.brightcove.com https://gallery.api.brightcove.com https://social.api.brightcove.com https://gallery-metrics.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://app.ezlynx.com https://*.ezlynx.com https://tracking-api.g2.com https://*.g2.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://okt.to https://www.facebook.com https://*.facebook.com https://js.zi-scripts.com https://*.zi-scripts.com https://ws-assets.zoominfo.com https://*.zoominfo.com https://373-dbf-030.mktoresp.com https://api.ceros.com https://media.ceros.com https://d1igp3oop3iho5.cloudfront.net https://*.marchex.io https://rw1.marchex.io https://www.appliednet.com https://www.google.ca https://*.google.ca https://resources.ezlynx.com https://esp-eu.aptrinsic.com https://my2.siteimprove.com https://*.clarity.ms https://*.compute.amazonaws.com https://mountain.com https://*.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.cloud.adobe.io wss://*.cloud.adobe.io https://dc.services.visualstudio.com https://js.monitor.azure.com https://assets.adoberesources.net; media-src 'self' https://*.brightcove.com https://*.brightcove.net https://*.boltdns.net http://*.boltdns.net https://*.brightcovecdn.com https://media.ceros.com https://media-s3-us-east-1.ceros.com blob: data:; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'self' https://*.ezlynx.com/ https://*.appliedsystems.com/ https://*.ivans.com/ https://*.agentinsure.com/ https://*.uatezlynx.com/ https://*.vtpezlynx.com/ https://*.devezlynx.com/ https://appliedsystems--devprob.sandbox.my.site.com/ https://appliedsystems--devproa.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/AppliedClientCommunity/s/ https://community.appliedsystems.com/;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), camera=(), payment=(), usb=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

no-cache,no-store

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

4 headers

Access-Control-Allow-Credentials

Cors

false

Access-Control-Allow-Headers

Cors

Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control, Pragma

Access-Control-Allow-Methods

Cors

GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH

Access-Control-Allow-Origin

Cors

*

Cookies Headers

1 headers

Set-Cookie

Cookies

ARRAffinitySameSite=b8a5d5d13148f06b10b4a780acacfee3f0d5404171f8175965516e580331f79a;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.ivans.com

Other Headers

5 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9ca52cee89cdd65c-IAD

Date

Other

Sat, 07 Feb 2026 19:08:22 GMT

Request-Context

Other

appId=cid-v1:e40c5636-de7f-4cd3-bc1f-baabdefd5736

Recommendations

Enable compression (gzip/brotli) to improve performance