HTTP Headers Analysis for https://status.vmpms.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63113904; includeSubDomains; preload

Content-Security-Policy

Basic

base-uri; frame-ancestors; connect-src; +8 more

base-uri 'self'; frame-ancestors 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com https://agents.betterstack.com; connect-src 'self' betterstack.com uptime.betterstack.com telemetry.betterstack.com direct.betterstack.com errors.betterstack.com warehouse.betterstack.com agents.betterstack.com wss://betterstack.com wss://uptime.betterstack.com wss://telemetry.betterstack.com wss://direct.betterstack.com wss://errors.betterstack.com wss://warehouse.betterstack.com wss://agents.betterstack.com betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com *.okta.com *.sentry.io https://api.stripe.com https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com https://eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com https://internet-up.ably-realtime.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com https://upload.imagedelivery.net *.betterstackdata.com; font-src 'self' betterstackcdn.com https://fonts.gstatic.com https://use.typekit.net https://chat-assets.frontapp.com; frame-src 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com https://agents.betterstack.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://www.facebook.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com newsletter.betterstack.com betterstack.substack.com www.loom.com www.youtube.com; form-action *; style-src 'report-sample' 'self' 'unsafe-inline' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://fonts.googleapis.com blob:; script-src 'report-sample' 'self' 'unsafe-eval' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.js.stripe.com https://js.stripe.com https://chat-assets.frontapp.com *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com 'nonce-285fabadf2d5d19ffd134eb271e14b0a'; worker-src 'report-sample' 'self' blob: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com; img-src 'self' blob: data: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com www.gravatar.com ui-avatars.com https://*.wp.com/ui-avatars.com/api/ betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com https://imagedelivery.net https://imagedelivery.betterstackcdn.com https://betterstack.com/cdn-cgi/image/ https://betterstackcdn.com/cdn-cgi/image/ https://chat.frontapp.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://nibbler.frontapp.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com *.doubleclick.net www.google.com google.com https://alb.reddit.com linkedin.com *.linkedin.com bat.bing.com bat.bing.net https://www.facebook.com www.googletagmanager.com https://t.co/i/ https://t.co/1/ https://analytics.twitter.com img.youtube.com i.ytimg.com; default-src 'self'

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

9601

Cache-Control

Caching

public, max-age=14400

Etag

Caching

W/"3b8e61df1ff6b7d63aeee26bfd50341a"

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

0.033842

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

12 headers

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9c3b5f3ab9925831-IAD

Cross-Origin-Embedder-Policy-Report-Only

Other

require-corp; report-to csp-endpoint

Cross-Origin-Opener-Policy-Report-Only

Other

same-origin; report-to csp-endpoint

Date

Other

Sun, 25 Jan 2026 22:57:51 GMT

Feature-Policy

Other

accelerometer 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'

Link

Other

</static/fonts/Helvetica/HelveticaNowText-Regular.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,</static/fonts/Helvetica/HelveticaNowText-Medium.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,</static/fonts/Helvetica/HelveticaNowText-Bold.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,</static/fonts/Helvetica/HelveticaNowDisplay-Medium.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,</static/fonts/Helvetica/HelveticaNowDisplay-Bold.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://betterstackcdn.com/assets/betterstack_v2-05d0cac3.css>; rel=preload; as=style; nopush

Nel

Other

{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

Report-To

Other

{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=M%2FkaKHc%2Fp18kUEruR57onOwHi0K4LHoawViVzJ%2FzpSPzFfZNl67FmiV5U89Pl28MxQbsyJXvP%2F31XfdiLZuz6ddWTgwXGeuU1hs%2FTv1w"}]}

Reporting-Endpoints

Other

csp-endpoint="https://in.logs.betterstack.com?source_token=YL7XTJoy3Cde1sKqsqzs1j89"

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

2104b690-423e-4882-8c45-f6ac0e2d5409

Recommendations

Enable compression (gzip/brotli) to improve performance