Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
frame-src; script-src; img-src; +1 more
frame-src 'self' login.devolutions.com login.devolutions.xyz paypal.com *.paypal.com *.paypalobjects.com checkout.stripe.com https://www.google.com devolutions--staging25.sandbox.my.salesforce.com webto.salesforce.com devolutions.my.salesforce.com https://www.googletagmanager.com https://td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://checkout.stripe.com/checkout.js https://www.clarity.ms https://scripts.clarity.ms https://www.google.com/recaptcha/api.js webdevolutions.blob.core.windows.net *.googletagmanager.com *.google-analytics.com *.hotjar.com pi.pardot.com info.devolutions.net maps.googleapis.com *.paypal.com paypal.com *.synchronycredit.com synchronycredit.com *.paypal.cn www.recaptcha.net *.paypalobjects.com www.gstatic.com devolutions.my.salesforce.com devolutions.my.site.com *.salesforceliveagent.com static.lightning.force.com https://bat.bing.com https://snap.licdn.com https://googleads.g.doubleclick.net; img-src 'self' https://i0.wp.com/ui-avatars.com https://cdn.cookielaw.org https://c.clarity.ms webdevolutions.blob.core.windows.net https://cdnweb.devolutions.net secure.gravatar.com ui-avatars.com *.paypalobjects.com maps.gstatic.com www.google.com www.google.ca *.google-analytics.com *.googletagmanager.com *.paypal.com *.stripe.com i2.wp.com https://px.ads.linkedin.com https://c.bing.com data:; report-uri https://o325659.ingest.sentry.io/api/6089259/security/?sentry_key=3b286a0478534b77a5c39e8e3d47baf3&sentry_environment=store
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
max-age=300
Etag
Caching
W/"0e7196d90dc1:0"
Last-Modified
Caching
Wed, 28 Jan 2026 15:45:16 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=4goNMb9fVtH_6wLsgqbQXKFXxmPhojWBm36WNALaCDo-1770050517.5145285-1.0.1.1-lVZU62dPFTA7G0ddoLWFv3WaATYQrIRYYYVPbb94f5vsVHjWLAFpwjV.TNHMNmz75r12OAmv1ae9AFygCcFTlyMcgKnUFNhQzTzE64Vix4OczIBwIjmLPa.LOfek2Fqd; HttpOnly; Secure; Path=/; Domain=devolutions.net; Expires=Mon, 02 Feb 2026 17:11:57 GMT
Other Headers
4 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c7b23967f7113b1-IAD
Date
Other
Mon, 02 Feb 2026 16:41:57 GMT
X-Robots-Tag
Other
all
Recommendations
Enable compression (gzip/brotli) to improve performance