HTTP Headers Analysis for https://www.tradier.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; script-src-elem; +7 more

default-src 'self' stonly.com *.stonly.com; script-src 'self' 'nonce-alpine-MaLc0onroV' 'nonce-alpine-qS9DMu3gQ1' 'nonce-alpine-qNqU8FaR3S' 'nonce-tradier-OaJPZFGS2o' 'nonce-tradier-e7I7ezUpVY' 'nonce-tradier-767oCEojoK' 'nonce-tradier-QvH5UIzAaB' 'nonce-tradier-9bicLG8b25' 'nonce-tradier-T1sY0OxPFY' 'nonce-tradier-luIFuFKAp9' 'nonce-tradier-uq3w1Vr51E' 'nonce-tradier-8TMzHh1C8V' 'nonce-tradier-dET8k2kJQl' 'nonce-tradier-vE0oJwx3HO' 'nonce-tradier-j10EVOLasq' 'nonce-tradier-4LAjh2qL21' 'nonce-stonly-tYLDXOjX76' 'nonce-stonly-WTm0JyEsqM' embed.typeform.com js.hsforms.net www.googletagmanager.com *.doubleclick.net d.adroll.com s.adroll.com googleads.g.doubleclick.net *.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net stonly.com *.stonly.com; script-src-elem 'self' netlify-rum.netlify.app vercel.live/_next-live/feedback/feedback.js connect.facebook.net www.googletagmanager.com www.google-analytics.com embed.typeform.com js.hsforms.net js.hs-scripts.com *.adroll.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net cdn.mxpnl.com *.wisepops.com wisepops.net stonly.com *.stonly.com 'nonce-alpine-MaLc0onroV' 'nonce-alpine-qS9DMu3gQ1' 'nonce-alpine-qNqU8FaR3S' 'nonce-tradier-OaJPZFGS2o' 'nonce-tradier-e7I7ezUpVY' 'nonce-tradier-767oCEojoK' 'nonce-tradier-QvH5UIzAaB' 'nonce-tradier-9bicLG8b25' 'nonce-tradier-T1sY0OxPFY' 'nonce-tradier-luIFuFKAp9' 'nonce-tradier-uq3w1Vr51E' 'nonce-tradier-8TMzHh1C8V' 'nonce-tradier-dET8k2kJQl' 'nonce-tradier-vE0oJwx3HO' 'nonce-tradier-j10EVOLasq' 'nonce-tradier-4LAjh2qL21' 'nonce-tradier-zJ3IZeGBJ0' 'nonce-stonly-tYLDXOjX76' 'nonce-stonly-WTm0JyEsqM' 'sha256-19DqsmrnI20bW+i+IGzv5rjMPP7Sp+JNbNxF+f4dkf0=' 'sha256-Nl2+22hl1U2LDEbzm5bmkay6skuCPFMaO/KZBO+1/Vg=' 'sha256-BiaLSZnJ9+OYVc64TceNbbXiOVmWPtl64B4sNfxJb/M=' 'sha256-FnvgEoQt5vCXD4dgabs37oYOvMmXYIihB9fpPUGb/WY=' 'sha256-RMQCssDiZCoGbV1rRYb4DZHAQaIq/Ehmup6CfEhCyjg=' 'sha256-beo5y8GViOdNuaTEDJTJ/KKB5ycglCnF5Zc8ujhdd80=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'sha256-NzhNJEDf732CUfDm8e4e6VoMw1yscVBzSAPNJIiDDkQ=' 'sha256-THe0h+/0EY0lOHit6yyuvCXAJ28BrMYPWYGXHhwXJ8Y=' 'sha256-+YCYJj/3Q5ySNQ8NROQl+od78SQRjNAaBBMWlRUuuwU=' 'sha256-0FfP5/LVuEKfAPBK35jqnQfeHDDlwBnMQxnqM+Cx5GY=' 'sha256-qVa8eMpTUS9t+MnUr5yr+OyBTGW9XGCgoUc4WqM8osg=' 'sha256-4cvDi3C1V91CpX65rMsWSIu7i4mNA/RaNZ0tGW9r4nY='; connect-src 'self' *.nsvcs.net ingesteer.services-prod.nsvcs.net www.facebook.com analytics.google.com www.google-analytics.com region1.analytics.google.com translate.googleapis.com *.doubleclick.net *.google.com www.google.com forms.hsforms.com api.hubapi.com *.wisepops.com app.getwisp.co wisepops.net api-js.mixpanel.com forms-na1.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/2c66c612-81a4-4370-abc9-6d7626326280.json.gz https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/74913fba-84fd-4c73-861e-38c9498b90c8.json.gz https://hubspot-forms-static-embed.s3.amazonaws.com/prod/4862349/550fe60c-6808-4d5a-94b0-d3a15587bdad.json.gz stonly.com *.stonly.com; img-src 'self' translate.google.com fonts.gstatic.com www.google.com www.googletagmanager.com img.youtube.com forms.hsforms.com forms-na1.hsforms.com *.facebook.com d.adroll.com s.adroll.com googleads.g.doubleclick.net ipv4.d.adroll.com x.adroll.com track.hubspot.com *.wisepops.com wisp-production-storage.s3.amazonaws.com *.wisepops.net data: media.stonly.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.typeform.com; base-uri 'self'; form-action 'self' forms.hsforms.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' youtube.com www.youtube.com www.googletagmanager.com form.typeform.com forms.hsforms.com *.doubleclick.net *.adroll.com *.wisepops.com wisepops.net ibportal.gainfutures.com demoform.cqg.com vercel.live stonly.com *.stonly.com *.tradier.com;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Caching Headers

4 headers

Age

Caching

45478

Cache-Control

Caching

public, max-age=0, must-revalidate

Etag

Caching

"38c310fc28ec0e392b2ed233129093e3"

Last-Modified

Caching

Wed, 31 Dec 2025 21:30:49 GMT

Content Headers

3 headers

Content-Disposition

Content

inline

Content-Length

Content

84401

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Vercel

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Date

Other

Thu, 01 Jan 2026 10:32:46 GMT

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::trxrf-1767263566126-99eeb0f9cd33

Recommendations

Enable compression (gzip/brotli) to improve performance