HTTP Headers Analysis for https://www.precisionlender.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +12 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), gyroscope=(*), magnetometer=(*), microphone=(*), midi=(*), payment=(*), picture-in-picture=(*), sync-xhr=(*), usb=(*), clipboard-write=(*)

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers

Connection

Performance

keep-alive

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

no-store, no-cache, must-revalidate

Etag

Caching

W/"94ad7d86bc252efd2bf21645db4dba33"

Last-Modified

Caching

Fri, 07 Nov 2025 10:21:18 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=yxCPSQMbsMdZuTzcRznGusX2T4R8VdOR2IAM97u7fq0-1762718028049-0.0.1.1-604800000; path=/; domain=.www.q2.com; HttpOnly; Secure; SameSite=None

Other Headers

16 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Ray

Other

99bfdbbaead83b3c-IAD

Content-Security-Policy-Report-Only

Other

script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=JXLh5NucAiCeMubGv1W6eyaHr.S1nnp3Iwml8UOtDvk-1762718028-1.0.1.1-vafXrXTfSABoGkBZAdR2HTWrYL0SKPpjsx2CQ0bPPxd0NODN9DQfWGYxidMD594gl_oF1iEiYZ4VRhgnhU9kYscLsi2tGhZkH_Fys2chSUYPdFvM5.Sw9uVwhtcuQI5sNsgvWNRm1gXYnNSeSVtQ6ZdSva6dU91xOVOGbFFUlqY; report-to cf-csp-endpoint

Date

Other

Sun, 09 Nov 2025 19:53:48 GMT

Edge-Cache-Tag

Other

CT-160753573422,P-7044196,CW-102379071093,CW-102379071095,CW-102379071098,CW-102379447684,CW-102379454293,CW-102380982173,CW-103490556982,CW-103490995268,CW-103490995281,CW-105463546169,CW-155446322271,CW-157895897748,CW-191986016413,E-102378065000,E-102378065008,E-102378985775,E-102378985778,E-102378985783,E-102379071107,E-102379071109,E-102379071111,E-102379258763,E-102379258765,E-102379258767,E-102379445420,E-102379445421,E-102379445422,E-102379447687,E-102379454315,E-102379454324,E-102380982182,E-102380982185,E-102951679585,E-103491024704,E-103640179623,E-109348757061,E-111437788316,E-111438452299,E-117953655627,E-156055520374,E-158735833755,E-163148657243,E-171797089320,E-182369584716,E-182369584719,PGS-ALL,SW-4,GC-103717217053,GC-125475360636,GC-125485556617,GC-167966791027,TS-102379454365

Link

Other

<https://cdn.cookielaw.org/scripttemplates/otSDKStub.js>; rel=preload; as=script,<https://fonts.googleapis.com>; rel=preconnect,<https://fonts.gstatic.com>; rel=preconnect,<https://fonts.googleapis.com/css2?family=Lexend:wght@300;400;500;600&display=swap>; rel=preload; as=style

Nel

Other

{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}

Report-To

Other

{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=JXLh5NucAiCeMubGv1W6eyaHr.S1nnp3Iwml8UOtDvk-1762718028-1.0.1.1-vafXrXTfSABoGkBZAdR2HTWrYL0SKPpjsx2CQ0bPPxd0NODN9DQfWGYxidMD594gl_oF1iEiYZ4VRhgnhU9kYscLsi2tGhZkH_Fys2chSUYPdFvM5.Sw9uVwhtcuQI5sNsgvWNRm1gXYnNSeSVtQ6ZdSva6dU91xOVOGbFFUlqY"}],"group":"cf-csp-endpoint","max_age":86400}

X-Hs-Cache-Config

Other

BrowserCache-5s-EdgeCache-0s

X-Hs-Cache-Control

Other

s-maxage=36000, max-age=0

X-Hs-Cf-Cache-Status

Other

HIT

X-Hs-Cfworker-Meta

Other

{"contentType":"SITE_PAGE","resolver":"PreRenderedContentResolver"}