Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Weak
object-src; frame-ancestors; report-uri
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Significantly strengthen CSP directives
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Etag
Caching
"1dc8412c0039139"
Last-Modified
Caching
Mon, 12 Jan 2026 22:28:18 GMT
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
Kestrel
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
incap_ses_1845_1635673=5qXcUU5sAwmDkuf8UMKaGYl4bmkAAAAA2cqIwwHj0SJnWf/2K/m4TA==; path=/; Domain=.xactprm.com
Other Headers
4 headers
Content-Security-Policy-Report-Only
Other
default-src 'self';script-src 'self' inline https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://static.userguiding.com https://serve.albacross.com;object-src 'none';style-src 'self' inline https://*.googleapis.com https://*.cloudflare.com https://static.userguiding.com;img-src 'self' https://www.google-analytics.com https://www.google.com https://verisk.d1.sc.omtrdc.net https://new-collect.albacross.com https://media.userguiding.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com;media-src 'none';frame-src 'self' https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://static.userguiding.com https://serve.albacross.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://new-collect.albacross.com https://*.doubleclick.net https://www.google.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com https://user.userguiding.com https://sdk.userguiding.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.s3.us-west-2.amazonaws.com https://*.omtrdc.net https://*.2o7.net;base-uri 'self';form-action 'self';frame-ancestors 'self' direct.pruvan.com *.direct.pruvan.com;upgrade-insecure-requests;block-all-mixed-content;report-uri /csp/CspReport/report-only
Date
Other
Mon, 19 Jan 2026 18:31:38 GMT
X-Cdn
Other
Imperva
X-Iinfo
Other
55-66446039-66446044 NNNN CT(88 174 0) RT(1768847497950 8) q(0 0 2 1) r(3 4) U24
Recommendations
Enable compression (gzip/brotli) to improve performance
Add Cache-Control header to optimize caching