SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for *.tenderapp.com, tenderapp.com, not for support.nodebox.net
Open
Cached
·
just now
20
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
X-Frame-Options
Present
allowall
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
keep-alive
Transfer-Encoding
chunked
connection: keep-alive transfer-encoding: chunked
Caching Headers
Cache-Control
max-age=0, private, must-revalidate
Etag
"1395e824620b69e4f99217713b22de5c"
cache-control: max-age=0, private, must-revalidate etag: "1395e824620b69e4f99217713b22de5c"
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
nginx/1.20.1
X-Runtime
0.050664
server: nginx/1.20.1 x-runtime: 0.050664
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Tue, 26 May 2026 16:03:53 GMT
P3p
CP="ALL DSP COR CUR ADM DEV OUR IND UNI"
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Rack-Cache
miss
X-Request-Id
03e47146da39dd2926b9367defcb68a5
X-Ua-Compatible
IE=Edge,chrome=1
date: Tue, 26 May 2026 16:03:53 GMT p3p: CP="ALL DSP COR CUR ADM DEV OUR IND UNI" x-download-options: noopen x-permitted-cross-domain-policies: none x-rack-cache: miss x-request-id: 03e47146da39dd2926b9367defcb68a5 x-ua-compatible: IE=Edge,chrome=1
Recommendations
Enable compression (gzip/brotli) to improve performance