bakersfieldcity.us | Analytics by SecurityHeaders

HTTP Headers report for bakersfieldcity.us

Header Name Header Data
HTTP status code 200
Vary Accept-Encoding
Served-By engage6-cms-5ff487fb49-vlg2p
X-Content-Type-Options nosniff
Cf-Cache-Status EXPIRED
Last-Modified Sat, 19 Apr 2025 04:35:02 GMT
Permissions-Policy camera=(), geolocation=(), microphone=(), usb=(), fullscreen=(self)
Link <https://content.civicplus.com>; nopush; rel=preconnect, <https://engage6-api.civicplus.pro>; nopush; rel=preconnect, <https://fonts.googleapis.com>; nopush; rel=preconnect, </Assets/Mystique/Shared/Scripts/webfontloader/webfont.1.5.18.min.js?v=1518>; as=script; nopush; rel=preload, <https://www.bakersfieldcity.us/Assets/cpui/build/assets/index-E7dzpRDJ.js>; as=script; nopush; rel=preload, <>; imagesrcset="https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=300&mode=min 300w,https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=600&mode=min 600w,https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=900&mode=min 900w,https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=1280&mode=min 1280w,https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=1920&mode=min 1920w,https://content.civicplus.com/api/assets/acb4cb50-3d3a-4907-9e40-c002d477e7d3?width=2200&mode=min 2200w"; imagesizes="(max-width: 300px) 280px,(max-width: 600px) 580px,(max-width: 900px) 880px,(max-width: 1280px) 1260px,(max-width: 1920px) 1900px,2180px"; as=image; nopush; crossorigin; rel=preload, <https://content.civicplus.com/api/assets/a1bb8cf0-8e5e-47b3-95f6-dbabc506e681?cache=1800>; as=image; nopush; rel=preload
X-Frame-Options SAMEORIGIN
Referrer-Policy strict-origin-when-cross-origin
X-Cache-Status HIT
X-Cache-404-Status MISS
Server cloudflare
Request-Context appId=cid-v1:cd12a649-6132-4c93-8c7b-649841af9773
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Authenticated false
Date Sat, 19 Apr 2025 04:35:02 GMT
Content-Type text/html; charset=utf-8
Connection keep-alive
Cache-Control public, max-age=30, must-revalidate, proxy-revalidate, s-maxage=247, stale-if-error
Content-Security-Policy-Report-Only default-src 'self' wss: *.gravatar.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com * 'self'; style-src 'self' 'unsafe-inline' *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com * 'self' 'unsafe-inline'; img-src 'self' *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com * 'self' data: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com http://tag.brandcdn.com/privacy tag.brandcdn.com/autoscript/cityofbakersfieldsolidwastedivisio_vgtstk1fovvvvfu9/city_of_bakersfield_solid_waste_divisio.js * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com https://.granicus.com; media-src * 'self' blob:; font-src 'self' *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com * 'self' data: data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report
Cf-Ray 9329b1637a8e96f8-AMS

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar