HTTP Headers Analysis for https://paychekplusapply.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000 ; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; style-src; +1 more

default-src 'self' https: ws: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io *bank-dns.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

private, no-cache, no-store, must-revalidate

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

664

Content-Type

Content

text/html;charset=UTF-8

Server Headers

1 headers

Server

server

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

COOKIE_SUPPORT=true; Expires=Sun, 24 Jan 2027 10:43:58 GMT; Path=/; Secure; HttpOnly

Other Headers

1 headers

Date

Other

Sat, 24 Jan 2026 10:43:58 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance