Open
Cached
·
just now
21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Content-Security-Policy header to prevent XSS attacks
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
must-revalidate, no-cache, private
Expires
Caching
Sun, 19 Nov 1978 05:00:00 GMT
Content Headers
2 headers
Content-Language
Content
en
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Content-Security-Policy-Report-Only
Other
default-src 'self' *.usgs.gov 'unsafe-inline' *.amazonaws.com *.arcgis.com 'unsafe-eval' *.arcgisonline.com *.hotjar.io *.google-analytics.com; script-src 'self' *.usgs.gov 'unsafe-inline' *.googletagmanager.com *.addtoany.com *.jsdelivr.net *.hotjar.com *.cfigroup.com *.cloud.gov *.gov *.youtube.com *.ytimg.com www.youtube.com s.ytimg.com *.google-analytics.com *.google-analytics.com connect.facebook.net *.youtube.com/iframe_api 'unsafe-eval' *.jquery.com *.cloudflare.com *.arcgis.com *.datatables.net *.dashjs.org *.googleapis.com; object-src noop.style; style-src 'self' *.usgs.gov 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.arcgis.com *.datatables.net *.gstatic.com; img-src 'self' 'unsafe-inline' *.alaska.edu *.amazonaws.com *.arcgis.com *.arcgisonline.com *.cfigroup.com *.cloud.gov *.cloudflare.com *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gov *.gstatic.com *.nationalmap.gov *.nationsonline.org *.opengeo.org *.openstreetmap.org *.pixelcaster.com *.staticflickr.com *.ucweb.com *.usgs.gov *.ytimg.com avo.alaska.edu cdnjs.cloudflare.com data: *.openstreetmap.org ; media-src 'self' *.usgs.gov 'unsafe-inline' *.gstatic.com *.google.pn *.amazonaws.com; frame-src 'self' 'unsafe-inline' *.addtoany.com *.googletagmanager.com *.prismaaccess.com *.saasprotection.com *.trendmicro.com *.trendmicro.jp *.usgs.gov safe.menlosecurity.com *.youtube.com www.youtube.com; font-src 'self' 'unsafe-inline' *.alicdn.com *.amazonaws.com *.arcgis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.mustcheck.com *.simplycodes.com *.slant.co *.typekit.net *.usgs.gov cdn.goin.cloud cdn.scite.ai data:; connect-src 'self' 'unsafe-inline' *.amazonaws.com *.arcgis.com *.arcgisonline.com *.cloud.gov *.cloudfront.net *.fontawesome.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gov *.gstatic.com *.hotjar.com *.hotjar.io *.jsdelivr.net *.usgs.gov cdn.jsdelivr.net wss://ws.hotjar.com
Date
Other
Thu, 06 Nov 2025 07:05:37 GMT
Via
Other
1.1 64d4305f6a0418824e90908ac490184e.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
T8W2hLzQGdqErdjs2v5ssJ1wENQYQkLqeWdFItCZTR3jOaikoIQMXg==
X-Amz-Cf-Pop
Other
IAD61-P10
X-Cache
Other
Miss from cloudfront
X-Generator
Other
Drupal 10 (https://www.drupal.org)
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1ms