HTTP Headers Analysis for https://testclaimxperience.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

frame-ancestors; default-src; font-src; +9 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=iso-8859-1

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_1845_1350495=rNo3RlgqJlxuR8QUUcKaGSw0cmkAAAAAWw/1dSuW2ZLAuHSLlYjjcA==; path=/; Domain=.testclaimxperience.com; Secure; SameSite=None

Other Headers

7 headers

Content-Security-Policy-Report-Only

Other

frame-ancestors 'self'; default-src 'nonce-56ed43a6f81e53debd74dda3f4f9283e' 'strict-dynamic'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://cdn.walkme.com/users/4351fcec0f5b403f93eb714dc275dffb/ https://*.kampyle.com https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; script-src 'nonce-56ed43a6f81e53debd74dda3f4f9283e' 'strict-dynamic'; img-src 'self' blob: data: https:; media-src 'self' blob: https: https://*.xactimate.com https://*.xactcontents.com https://xactcontents.com https://xactware-claimx-us-test.s3.us-west-1.amazonaws.com https://*.testclaimxperience.com https://testclaimxperience.com; connect-src 'self' blob: https://www.google.com/recaptcha/ https://*.kampyle.com https://*.verisk.com https://*.xactware.com/ https://*.xactcontents.com/ https://xactcontents.com/ https://*.xactimate.com/ https://servicenotify.statuspage.io https://*.walkme.com https://*.launchdarkly.com https://maps.googleapis.com https://places.googleapis.com https://*.tokbox.com https://*.opentok.com wss://*.tokbox.com https://*.medallia.com https://xactware-claimx-us-test.s3.us-west-1.amazonaws.com https://*.testclaimxperience.com https://testclaimxperience.com https://*.contentstrack.com; frame-src 'self' blob: https://*.360-value.com https://nebula-cdn.kampyle.com https://www.google.com/recaptcha/ https://*.verisk.com https://servicenotify.statuspage.io https://www.youtube.com; object-src 'none'; base-uri 'self';

Date

Other

Thu, 22 Jan 2026 14:29:01 GMT

Server-Timing

Other

dtSInfo;desc="0", dtRpid;desc="557111049"

X-Cdn

Other

Imperva

X-Iinfo

Other

53-104426018-104426025 NNNN CT(91 165 0) RT(1769092141217 22) q(0 0 2 2) r(3 3) U24