Open
Cached
·
just now
25
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
default-src; object-src; frame-ancestors; +13 more
default-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; script-src 'self' content.pendo-tio.tenable.com app.pendo.io cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo.io challenges.cloudflare.com www.datadoghq-browser-agent.com cdn.ravenjs.com cdn.astronomer.io cdn.metarouter.io cdn.amplitude.com static.cloudflareinsights.com platform.cloud.coveo.com info.tenable.com app.getbeamer.com backend.getbeamer.com static.getbeamer.com 'sha256-hiLNVf8Wb4hkpMRvUiZXP0xD5krU++OYspwRDiFAwzg='; style-src 'self' app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com content.pendo-tio.tenable.com platform.cloud.coveo.com app.getbeamer.com 'unsafe-inline'; img-src 'self' app.pendo.io cdn.pendo.io content.pendo-tio.tenable.com pendo-io-static.storage.googleapis.com pendo-static-6670168804032512.storage.googleapis.com data.pendo-tio.tenable.com data.pendo.io app.getbeamer.com data: blob:; font-src 'self' fonts.gstatic.com cdn.pendo.io data:; connect-src 'self' pendo-static-6670168804032512.storage.googleapis.com data: app.pendo.io data.pendo-tio.tenable.com content.pendo-tio.tenable.com data.pendo.io backend.getbeamer.com rum-http-intake.logs.datadoghq.com *.browser-intake-datadoghq.com e.metarouter.io api.amplitude.com api2.amplitude.com cdn.amplitude.com analytics.cloud.coveo.com tenable.com www.tenable.com api.tenable.com; child-src 'self' www.youtube.com s.ytimg.com; frame-src app.getbeamer.com app.pendo.io www.youtube.com s.ytimg.com challenges.cloudflare.com; worker-src 'self' blob:; report-to tenable-cloud-csp; block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-reports;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
close
Transfer-Encoding
chunked
Vary
origin,accept-encoding
Caching Headers
2 headers
Cache-Control
max-age=3600, must-revalidate, public
Etag
W/"d9b65a3880a794ca2e7e7641f3366878"
Content Headers
1 headers
Content-Type
text/html; charset=utf-8
Server Headers
1 headers
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
11 headers
Cf-Cache-Status
DYNAMIC
Cf-Ray
9ce5fde9fa8fd6b8-IAD
Date
Sun, 15 Feb 2026 15:55:50 GMT
Nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UngwSAJNUZMjm88V75OdbggVU%2BTDJJegO3Ky8CRImme6DlWPGOV1vbdWTuap9SlCY%2FIhuJ1CUSrPpT2kxdZ1ICBU41CXDRNSAPVgKi%2Bm6cN7yl0h%2FF366FuStzHaIQp6micgixIUHvkP"}],"group":"cf-nel","max_age":604800}
Reporting-Endpoints
tenable-cloud-csp=/csp-reports
X-Cache-Status
HIT
X-Download-Options
noopen
X-Gateway-Site-Id
service-nginx-router-us-east-1-prod-84f7fbb559-wksgg
X-Request-Uuid
2cf3d9363327b0fad8badff9354c5915
X-Robots-Tag
noindex, nofollow
Recommendations
Enable compression (gzip/brotli) to improve performance