HTTP Headers Analysis for https://mybenefits.aol.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Good

base-uri; child-src; connect-src; +9 more

base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://3p-udc.yahoo.com https://3p-geo.yahoo.com https://www.google-analytics.com https://*.aol.com https://guce.aol.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://fn.or.ipqualityscore.com https://fn.eu.ipqualityscore.com https://fn.us.ipqualityscore.com https://fn.nc.ipqualityscore.com https://or.ipqualityscore.com https://fn.us.ipqsnet.com https://fn.eu.ipqsnet.com https://fn.nc.ipqsnet.com https://dtproxy5.yahoo.nc.clients.ipqs.com https://dtproxy6.yahoo.nc.clients.ipqs.com https://dtproxy5.yahoo.eu.clients.ipqs.com https://dtproxy6.yahoo.eu.clients.ipqs.com https://dtproxy5.yahoo.or.clients.ipqs.com https://dtproxy6.yahoo.or.clients.ipqs.com https://s.yimg.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://*.aol.com https://www.aol.co.uk https://www.aol.de https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com https://3p-geo.yahoo.com https://www.googletagmanager.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://www.googletagmanager.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js 'nonce-lsG6OWS1E+NPb8OS2c/cm+Ssd10oHyspdBpj2Kcyb2fT7ysE' ;style-src * 'unsafe-inline'

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

keep-alive

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Age

Caching

0

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

38644

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

ATS

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

AS=v=1&s=isbGhD47&d=A69207546|GgZ4_g3.2SpOKH38N0Jr16QeTjF5s0pLzNEgM3nuRKSU6Ghmu7BSPZZRvWeTbk7JBnQzgcugK.cbYikVU87Wl3r2_X_uULSLE_NyS5J005ouULMECAdpXTF9nRyiegDdozPKdJtvlizXoxXD9g3TXy6XQs08wjENDb6y4iACmeLQDXixA4pibefFCKaKnyf02ISqSQyYkGB.L6D7aYdqvuhBCPx0_37bBH12LxSe8l7nI5QKxv.IXKHVk2xuIrYuvIjwbEULa4cXqWsh8.c.iNx1ouPRb.XPqMD417XR5z1rh1mSBmUyzxRwcf7A2cDohJqYWaA9zmamMSIUHlGkUZE0bGp4TvSMV.k81hf9wMNrqhVCBQVTB7SkpJsgk2FCc21jrJ0_DPzbgQyq8RsfBYfZafIywhGQLK6ENMjfsoC.vNZtByLN3AgzifQ36c8VEjckJyji5qlvBk3y52BDiKToFw3NnXtQiIzRD1ejRoqLm.QB9FztWtGkTUB4duUuJioilXDnak7NV.15VmJ8fjBXT2k1m0.z.7JEp_JtmpHaAnUDaPij_kevtqqYoJoC3ru1UFSM4KJqghoroBWb8FKfCl0HFGoLeBJuYGC1fyJWIAoEicO_7CDmA837TWPjKATcPSgsyK1.akTvLolNp4U_ssHWj.o294FBILBM_Vwk7gS8EgLgq7ObUZFua8nvlDsScpLJg_EjSJiDVi2iF6BTIYZBbSZSt4VsBV6vMWEDfa_v6uNW9CF130ahH9hhiR5GPAuFwmE03SuU5VBSHPvW8SqmDzNy5w18bT01KzNrXeuKXbYsPYw0vf4cjWXy2PGTDO2ByGz25.g-~A; path=/; domain=login.aol.com; secure; HttpOnly

Other Headers

1 headers

Date

Other

Thu, 20 Nov 2025 14:20:54 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance