17 headers
HTTP Security Headers

| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Present | `max-age=31536000` |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Good | `SAMEORIGIN` |
| X-Content-Type-Options | Good | `nosniff` |
| Referrer-Policy | Present | `same-origin` |
| Permissions-Policy | Missing | Not configured |

Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Consider adding Permissions-Policy to control browser features
Performance Headers
1 header

| Header | Category | Value |
| --- | --- | --- |
| Connection | Performance | `close` |

Caching Headers
3 headers

| Header | Category | Value |
| --- | --- | --- |
| Cache-Control | Caching | `no-cache, no-store, must-revalidate` |
| Expires | Caching | `-1` |
| Pragma | Caching | `no-cache` |

Content Headers
2 headers

| Header | Category | Value |
| --- | --- | --- |
| Content-Length | Content | `79125` |
| Content-Type | Content | `text/html; charset=utf-8` |

Server Headers
1 header

| Header | Category | Value |
| --- | --- | --- |
| Server | Server | `volt-adc` |

CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header

| Header | Category | Value |
| --- | --- | --- |
| Set-Cookie | Cookies | `TS01dc4fc6=01fe16e01e5e77eab59bcbeca350f83d15701d45b499de6ac1dfc84462f6d51781f4c43a277642a8594fa4288ac3e4a62e7679f330; Path=/; Secure; HttpOnly; SameSite=Strict;` |

Other Headers
5 headers

| Header | Category | Value |
| --- | --- | --- |
| Content-Security-Policy-Report-Only | Other | `default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-6da4ac79e4284e21a9f0b94e2a2a3ae1' https://mychart.ahn.org 'self';img-src https://* 'self' blob: data:;style-src https://mychart.ahn.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;` |
| Date | Other | `Sun, 11 Jan 2026 15:59:22 GMT` |
| Pics-Label | Other | `(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l on "2010.05.31T16:34-0400" exp "2100.12.31T12:00-0400" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))` |
| X-Envoy-Upstream-Service-Time | Other | `27` |
| X-Volterra-Location | Other | `c-dc12-ash` |

Recommendations
Enable compression (gzip/brotli) to improve performance