Open
Cached
·
just now
13
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; preload
Content-Security-Policy
Good
frame-ancestors; default-src; script-src; +6 more
frame-ancestors self https://www.vfc.com; default-src *.gstatic.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src 'nonce-f1ed335348b4f99dda9a9e58edc3bb86950aa97c48f7b184a04f726617746603' *.equisolve.net qmod.quotemedia.com app.quotemedia.com www.google.com fonts.googleapis.com maps.googleapis.com *.vimeo.com *.youtube.com website-search.ent.us-east-1.aws.found.io fonts.gstatic.com *.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com *.googletagmanager.com cdn.jsdelivr.net d1s0e5i1d5m51g.cloudfront.net analytics.imirwin.com influxdb.quotemedia.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com; connect-src *.equisolve.net qmod.quotemedia.com app.quotemedia.com www.google.com fonts.googleapis.com maps.googleapis.com *.vimeo.com *.youtube.com website-search.ent.us-east-1.aws.found.io fonts.gstatic.com *.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com *.googletagmanager.com cdn.jsdelivr.net d1s0e5i1d5m51g.cloudfront.net analytics.imirwin.com influxdb.quotemedia.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com qmod.quotemedia.com static.c1.quotemedia.com cdnjs.cloudflare.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com static.c1.quotemedia.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com qmod.quotemedia.com *.googletagmanager.com *.google-analytics.com chart.apis.google.com *.gstatic.com maps.googleapis.com *.businesswire.com *.vimeocdn.com s3.amazonaws.com/content.stockpr.com/ d32z8e2q3dzvu4.cloudfront.net data: c212.net pixel.mathtag.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com storymaps.arcgis.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.vfc.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 headers
Cache-Control
Caching
max-age=300, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
Apache
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
major_announcement=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Other Headers
1 headers
Date
Other
Fri, 02 Jan 2026 11:39:03 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance