HTTP Headers Analysis for https://testonexperience.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

frame-ancestors; default-src; font-src; +9 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=iso-8859-1

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_1848_2035797=1n1rXKZ4BFGc//ZdrGqlGYSmbmkAAAAAl3ro2SMrofQjA34/BikbHg==; path=/; Domain=.testonexperience.com; Secure; SameSite=None

Other Headers

7 headers

Content-Security-Policy-Report-Only

Other

frame-ancestors 'self'; default-src 'nonce-3cf9037dd03398d97222effe93c7ec5e' 'strict-dynamic'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://cdn.walkme.com/users/4351fcec0f5b403f93eb714dc275dffb/ https://*.kampyle.com https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; script-src 'nonce-3cf9037dd03398d97222effe93c7ec5e' 'strict-dynamic'; img-src 'self' blob: data: https:; media-src 'self' blob: https: https://*.xactimate.com https://*.xactcontents.com https://xactcontents.com https://xactware-onexperience-us-test.s3.us-west-2.amazonaws.com https://*.testonexperience.com https://testonexperience.com; connect-src 'self' blob: https://www.google.com/recaptcha/ https://*.kampyle.com https://*.verisk.com https://*.xactware.com/ https://*.xactcontents.com/ https://xactcontents.com/ https://*.xactimate.com/ https://servicenotify.statuspage.io https://*.walkme.com https://*.launchdarkly.com https://maps.googleapis.com https://places.googleapis.com https://*.tokbox.com https://*.opentok.com wss://*.tokbox.com https://*.medallia.com https://xactware-onexperience-us-test.s3.us-west-2.amazonaws.com https://*.testonexperience.com https://testonexperience.com; frame-src 'self' blob: https://*.360-value.com https://nebula-cdn.kampyle.com https://www.google.com/recaptcha/ https://*.verisk.com https://servicenotify.statuspage.io https://www.youtube.com; object-src 'none'; base-uri 'self';

Date

Other

Mon, 19 Jan 2026 21:47:48 GMT

Server-Timing

Other

dtSInfo;desc="0", dtRpid;desc="1164038162"

X-Cdn

Other

Imperva

X-Iinfo

Other

58-131860743-131860755 NNNN CT(80 170 0) RT(1768859268487 27) q(0 0 2 0) r(3 3) U24