Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
default-src; object-src; frame-ancestors; +13 more
default-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; script-src 'self' content.pendo-tio.tenable.com app.pendo.io cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo.io challenges.cloudflare.com www.datadoghq-browser-agent.com cdn.ravenjs.com cdn.astronomer.io cdn.metarouter.io cdn.amplitude.com static.cloudflareinsights.com platform.cloud.coveo.com info.tenable.com app.getbeamer.com backend.getbeamer.com static.getbeamer.com 'sha256-hiLNVf8Wb4hkpMRvUiZXP0xD5krU++OYspwRDiFAwzg='; style-src 'self' app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com content.pendo-tio.tenable.com platform.cloud.coveo.com app.getbeamer.com 'unsafe-inline'; img-src 'self' app.pendo.io cdn.pendo.io content.pendo-tio.tenable.com pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo-tio.tenable.com data.pendo.io app.getbeamer.com data: blob:; font-src 'self' fonts.gstatic.com cdn.pendo.io data:; connect-src 'self' pendo-static-6670168804032512.storage.googleapis.com data: app.pendo.io data.pendo-tio.tenable.com content.pendo-tio.tenable.com data.pendo.io backend.getbeamer.com rum-http-intake.logs.datadoghq.com *.browser-intake-datadoghq.com e.metarouter.io api.amplitude.com api2.amplitude.com cdn.amplitude.com analytics.cloud.coveo.com tenable.com www.tenable.com api.tenable.com; child-src 'self' www.youtube.com s.ytimg.com; frame-src app.getbeamer.com app.pendo.io www.youtube.com s.ytimg.com challenges.cloudflare.com; worker-src 'self' blob:; report-to tenable-cloud-csp; block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-reports;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
origin,accept-encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=3600, must-revalidate, public
Etag
Caching
W/"eda1e0c55d7896933b7cc13492447b14"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bbf6a87b9581f96-IAD
Date
Other
Sat, 10 Jan 2026 21:55:00 GMT
Nel
Other
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
Other
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=av%2FA%2Fy3sLzIOvew8bG591yWEY1ujAMA1GJysLhyRzfg%2FUKyvTE1m7gnOGreOVEzLIac18WBNDyD8yJl%2FnIniFiNbb9aqPnkdkPmA5kyirDwmlvu46ULRhS3dQkWXVydKZT4FW%2FCPF0xU"}],"group":"cf-nel","max_age":604800}
Reporting-Endpoints
Other
tenable-cloud-csp=/csp-reports
X-Cache-Status
Other
HIT
X-Download-Options
Other
noopen
X-Gateway-Site-Id
Other
service-nginx-router-us-east-1-prod-7f77646976-cxwk4
X-Request-Uuid
Other
d466e2dcf4464fe3ec833f950491b45d
X-Robots-Tag
Other
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance