HTTP Headers Analysis for https://partner.packetpower.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

form-action; default-src; script-src; +9 more

form-action *.abbvie.com *.anico.com *.believer.gg *.carevalue.com *.dominos.com *.franconnect.net *.healthmart.com *.hinousa.com *.kp.org *.mathworks.com *.okta-emea.com *.okta.com *.oktapreview.com *.onelogin.com *.salesforce.com *.texasfarmbureau.org *.ttisi.com *.txfb-ins.com *.zoomcare.com www.toshibacommerce.com 'self' idp.cressetcapital.com umshibp.olemiss.edu *.interceptpharma.com *.segra.com *.volvo.com www.swppbranding.com *.my.site.com printreleaf.com *.thempxgroup.com https://samltest.id sso.colpal.com *.d2l.org *.trimble.com *.microsoftonline.com *.primetherapeutics.com *.healthsouth.com *.sciquest.com *.fa.ocs.oraclecloud.com *.americannational.com *.coupahost.com *.verian.com https://identity.trimble.com *.gaf.com *.wax-uat.com *.wrberkley.com agent.seniorlifeinsurancecompany.com trojanbattery.my.salesforce.com https://*.appl.kp.org https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://stage.id.trimblecloud.com ship.visualogistix.com *.punchout2go.com *.equallevel.com https://myaccess.aramark.com https://medigold.maranagroupmarketplace.com *.atrihub.com https://core.hinonet.net https://*.myworkday.com https://*.workday.com https://*.trinity-health.org https://*.trinity-health.org; default-src 'self' https://static.zdassets.com https://ekr.zdassets.com *.zendesk.com wss://*.zendesk.com; script-src * 'unsafe-eval' 'unsafe-inline' data: https://tally.so; frame-src 'self' https://downloads.mypropago.com https://download.mypropago.com mpx-ftp.com umshibp.olemiss.edu player.vimeo.com *.equallevel.com idp.cressetcapital.com portal.mypropago.com *.volvo.com *.usadata.com *.my.site.com sso.wbd.com *.marq.com account.thempxgroup.com www.cognitoforms.com app.lucidpress.com printreleaf.com *.printreleaf.com *.jotform.com *.drummond.com https://*.mypropago.com https://hyvee-mittera.paperform.co *.monday.com https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://*.google.com https://*.spreedly.com https://*.youtube.com https://visualogistix.wufoo.com www.swppbranding.com https://forms.zohopublic.com https://*.visualogistix.com https://*.vimeo.com https://viegamedia.com https://app.gogrow.com/ https://*.smartsheet.com https://*.sciquest.com https://tally.so https://*.myworkday.com https://*.workday.com https://*.trinity-health.org mailto: https://*.trinity-health.org; frame-ancestors 'self' mpx-ftp.com *.interceptpharma.com *.segra.com player.vimeo.com umshibp.olemiss.edu *.equallevel.com idp.cressetcapital.com portal.mypropago.com *.volvo.com *.my.site.com sso.wbd.com *.usadata.com account.thempxgroup.com www.cognitoforms.com *.marq.com app.lucidpress.com printreleaf.com *.printreleaf.com *.jotform.com *.drummond.com https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://viegamedia.com https://*.punchout2go.com https://*.smartsheet.com ship.visualogistix.com *.transaxions.co.uk https://*.sciquest.com https://us.marketingbydeluxe.com *.monday.com https://*.myworkday.com https://*.workday.com https://*.trinity-health.org https://alkermes-veeva.my.salesforce.com https://alkermes-veeva--c.sandbox.vf.force.com https://*.trinity-health.org https://*.b2clogin.com; style-src * 'unsafe-inline'; media-src * data:; connect-src 'self' ws: *.acsbapp.com https://translate-pa.googleapis.com https://www.google.com *.google-analytics.com mpx-ftp.com umshibp.olemiss.edu player.vimeo.com *.equallevel.com sso.wbd.com *.my.site.com account.thempxgroup.com www.cognitoforms.com printreleaf.com *.printreleaf.com stats.g.doubleclick.net *.monday.com ekr.zdassets.com *.zendesk.com *.zopim.io *.zopim.com https://bam.nr-data.net http://jigsaw.w3.org/css-validator/ wss: *.facebook.com *.google.com www.waterouspromo.com https://kendo.cdn.telerik.com https://unpkg.com https://cdn.jsdelivr.net; object-src * data:; img-src * data: blob:; font-src 'self' *.accessibly.app https://fonts.gstatic.com *.unpkg.com https://unpkg.com https://kendo.cdn.telerik.com *.bootstrapcdn.com data: *.zopim.io *.zopim.com cdn.jsdelivr.net cdnjs.cloudflare.com; report-uri https://portal.mypropago.com/Security/CspViolations;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

microphone()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

35349

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Apache

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

SERVERID=WAF-FrontEnd-FLB_internal|aXC9B|aXC9B; path=/; SameSite=Strict

Other Headers

1 headers

Date

Other

Wed, 21 Jan 2026 10:48:28 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance