HTTP Headers Analysis for https://simplepractice.datagrail.io

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; style-src; +10 more

default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.merge.dev https://static.zdassets.com https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://data.pendo.io https://use.typekit.net https://apis.google.com https://us-west-2.aws.amazon.com https://dpeefs3k5hlj8.cloudfront.net https://widget.usepylon.com; style-src 'self' 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://api.feedback.us.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://us-west-2.aws.amazon.com https://dpeefs3k5hlj8.cloudfront.net https://*.usepylon.com; img-src 'self' https://*.datagrail.io https://assets-cyera-prod.privacy.cyera.io https://assets-cyera-stage.privacy-staging.cyera.io https://assets-cyera-prod-prototype.privacy-prototype.cyera.io https://assets-cyera-stage-prototype.privacy-staging-prototype.cyera.io https://d3tfv3tc6jdks8.cloudfront.net https://*.googleusercontent.com https://cdn.pendo.io https://app.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://data.pendo.io https://static.intercomassets.com https://*.usepylon.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d3vl36l12sfx26.cloudfront.net; connect-src 'self' https://app.pendo.io https://data.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://api.feedback.us.pendo.io https://sentry.io https://datagrail-quarantine-production.s3.us-west-2.amazonaws.com https://datagrail-quarantine-development.s3.us-west-2.amazonaws.com https://datagrail-quarantine-staging.s3.us-west-2.amazonaws.com https://datagrail-quarantine-cyera-prod.s3.us-west-2.amazonaws.com https://datagrail-quarantine-cyera-stage.s3.us-west-2.amazonaws.com https://datagrail-quarantine-cyera-stage-prototype.s3.us-west-2.amazonaws.com https://salesforce-datagrail-quarantine.s3.us-west-1.amazonaws.com https://datagrail-public-assets.s3.us-west-2.amazonaws.com https://datagrail-public-assets.s3.us-west-1.amazonaws.com https://*.usepylon.com wss://*.pusher.com; font-src 'self' https://assets-production.datagrail.io https://assets-staging.datagrail.io https://assets-devqa.datagrail.io https://assets-salesforceproduction.datagrail.io https://assets-salesforcestaging.datagrail.io https://assets-cyera-prod.privacy.cyera.io https://assets-cyera-stage.privacy-staging.cyera.io https://assets-cyera-stage-prototype.privacy-staging-prototype.cyera.io https://assets-cyera-prod-prototype.privacy-prototype.cyera.io https://fonts.gstatic.com https://use.fontawesome.com https://cdn.pendo.io data: https://*.usepylon.com; object-src 'none'; media-src 'self'; frame-src https://cdn.merge.dev https://app.pendo.io https://feedback.us.pendo.io https://portal.feedback.us.pendo.io https://us-west-2.quicksight.aws.amazon.com; base-uri 'self'; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; report-uri /_csp;

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Cache-Control

Caching

no-store, no-cache, max-age=0

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_dg_app_session=94641fd03c34f20e267a869568277076; path=/; expires=Mon, 19 Jan 2026 09:06:51 GMT; secure; HttpOnly

Other Headers

8 headers

Date

Other

Sun, 18 Jan 2026 21:06:51 GMT

Via

Other

1.1 5f530432caa659f8479164b3918f641e.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

rnLwx9D2ZLPf70AaupJwgzLoeXzyhOtlcb85LWzcNFitLTXMFMp4Mg==

X-Amz-Cf-Pop

Other

MCI50-P1

X-Cache

Other

Miss from cloudfront

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

6f497b46-7e4d-41c9-83b9-9b580370d05e

Recommendations

Enable compression (gzip/brotli) to improve performance