Open
Cached
·
just now
28
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000; preload
Content-Security-Policy
Good
default-src; connect-src; font-src; +9 more
default-src 'self';connect-src 'self' pendo-static-6596631710793728.storage.googleapis.com *.pendo.io *.rewardstation.com *.rewardstation-live.com https://*.fontawesome.com https://*.smooch.io https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com wss://*.smooch.io wss://*.zendesk.com wss://*.zopim.com;font-src 'self' data: *.bootstrapcdn.com *.jsdelivr.net *.rewardstation.com *.rewardstation-live.com https://*.fontawesome.com https://fonts.google.com/ https://fonts.gstatic.com https://unpkg.com/[email protected]/ https://use.typekit.net;form-action 'self';frame-ancestors 'none';frame-src 'self' nomination-assist.fly.dev *.rewardstation.com *.rewardstation-live.com https://js.stripe.com https://app.pendo.io;img-src 'self' data: pendo-static-6596631710793728.storage.googleapis.com *.pendo.io *.rewardstation.com *.rewardstation-live.com https://static.zdassets.com https://v2assets.zopim.io;media-src 'self' data: *.rewardstation.com *.rewardstation-live.com;object-src 'none';script-src 'self' api.smooch.io js.stripe.com *.jsdelivr.net pendo-io-static.storage.googleapis.com pendo-static-6596631710793728.storage.googleapis.com *.pendo.io https://*.smooch.io https://xceleration.sisense.com https://unpkg.com/[email protected]/ https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com wss://*.smooch.io wss://*.zendesk.com wss://*.zopim.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.jsdelivr.net pendo-static-6596631710793728.storage.googleapis.com *.pendo.io https://fonts.googleapis.com https://unpkg.com/[email protected]/;worker-src 'self' data:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
geolocation=(self), fullscreen=(self), autoplay=(self)
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
4 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin
Caching Headers
2 headers
Age
Caching
33994
Last-Modified
Caching
Thu, 22 Jan 2026 19:30:45 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=HWVr_2v7rOFhB1812dg5eUTmoA.FjRqBe7M.MROA2eI-1770252885-1.0.1.1-xMlHrZ3hZSjRiRx4A2Ba0NA4RjrQgzoaUiLIHgGom2a4i2.0xGwRcoMmoxj.6l_9V6DS0h1Y2PVU4tCKkWp2yBdhGI8wfKMUf2jjSA572io; path=/; expires=Thu, 05-Feb-26 01:24:45 GMT; domain=.sage.com; HttpOnly; Secure; SameSite=None
Other Headers
12 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c8e7038bcddef65-IAD
Date
Other
Thu, 05 Feb 2026 00:54:45 GMT
Via
Other
1.1 8b49500bf8f9ec11f4fd4939e6ec97be.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
nttNTq20Et6EdBUPi63-SfeSUUBw576CoYga7AqzETQDW0sIcUOXEA==
X-Amz-Cf-Pop
Other
IAD12-P5
X-Amz-Meta-Codebuild-Buildarn
Other
arn:aws:codebuild:us-east-1:886004726701:build/CloudFront-rsv8-modules-build-release:6ea560f9-81b0-4830-9dc9-dcc2a3201f00
X-Amz-Meta-Codebuild-Content-Md5
Other
5e615c0e70b0884ca57a31b6a38b20f7
X-Amz-Meta-Codebuild-Content-Sha256
Other
763a9dfce0f6ee6fb36a7a353100a58cfb9cb28f0b63469a01b2b68934122e4d
X-Amz-Server-Side-Encryption
Other
AES256
X-Amz-Version-Id
Other
hSXZ11YdsuejDamBfoIuNXGb.y.9BUh1
X-Cache
Other
Hit from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching