| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Vary | Accept-Encoding |
| Last-Modified | Fri, 18 Apr 2025 20:33:05 GMT |
| Content-Security-Policy | default-src 'self' *.sitefinity.com *.clarity.ms *.technolutions.net *.visualwebsiteoptimizer.com *.google.com *.radartoolkit.com *.exactlylabs.com *.youtube.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com *.google.com *.datatables.net *.googleadservices.com *.youtube.com https://dec.azureedge.net/ munchkin.marketo.net *.typekit.net *.googletagmanager.com *.cmich.edu *.cmuhealth.org *.azure-api.net sc-static.net *.monsido.com monsido.com diffuser-cdn.app-us1.com *.technolutions.net *.crazyegg.com *.app-us1.com trackcmp.net *.sitefinity.com *.snapchat.com *.doubleclick.net *.clarity.ms *.facebook.net *.bing.com ionfiles.scribblecdn.net *.msecnd.net *.youvisit.com *.simpli.fi *.tiktok.com *.visualwebsiteoptimizer.com *.syndetics.com *.librarything.com tgbwidget.com adp.eab.com my.go-cmich.org *.liveperson.net *.lpsnmedia.net app.vwo.com *.radartoolkit.com *.exactlylabs.com bot.ivy.ai *.instagram.com onstipe.com cdn.jsdelivr.net momentjs.com https://lf16-tiktok-web.tiktokcdn-us.com unpkg.com *.hepdata.com cmich.libcal.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com *.typekit.net *.cmich.edu *.cmuhealth.org *.datatables.net *.crazyegg.com *.technolutions.net *.googletagmanager.com *.librarything.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.radartoolkit.com *.exactlylabs.com my.go-cmich.org cdn.jsdelivr.net *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.hepdata.com *.tiktokcdn.com https://lf16-tiktok-common.ttwstatic.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.cmich.edu googletagmanager.com *.googletagmanager.com monsido.com *.monsido.com *.clarity.ms cmich.edu *.cmuhealth.org *.typekit.net *.snapchat.com *.bing.com *.google.com *.crazyegg.com data.adxcel-ec2.com *.youvisit.com *.simpli.fi *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.pro-market.net *.stickyadstv.com *.pubmatic.com *.intentiq.com *.bfmio.com *.analytics.yahoo.com *.exelator.com *.bluekai.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.openx.net *.rubiconproject.com *.adnxs.com *.spotxchange.com *.librarything.com *.visualwebsiteoptimizer.com my.go-cmich.org *.lpsnmedia.net app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com ajeuwbhvhr.cloudimg.io ai1.ivy-cdn.com *.instagram.com www.buzzsprout.com img.youtube.com i.ytimg.com *.hepdata.com arttrk.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.cmich.edu *.cmuhealth.org *.typekit.net bot.ivy.ai widget.tagembed.com *.hepdata.com https://sf16-website-login.neutral.ttwstatic.com; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.cmich.edu *.cmuhealth.org *.twitter.com *.vimeo.com *.sitefinity.com *.facebook.com *.snapchat.com *.crazyegg.com *.doubleclick.net *.google.com *.panopto.com *.youvisit.com *.librarything.com tgbwidget.com cdn.yoshki.com e.issuu.com *.liveperson.net *.lpsnmedia.net yoshki.com app.vwo.com *.radartoolkit.com *.exactlylabs.com scribehow.com bot.ivy.ai *.instagram.com onstipe.com widget.tagembed.com *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.youtube-nocookie.com *.matterport.com *.adsensecustomsearchads.com *.googletagmanager.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com *.googleapis.com *.withgoogle.com *.cmich.edu cmich.azure-api.net *.visualstudio.com *.googleanalyitcs.com googleanalytics.com *.google.com *.snapchat.com *.sitefinity.com *.doubleclick.net *.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.technolutions.net analytics.tiktok.com my.go-cmich.org *.visualwebsiteoptimizer.com app.vwo.com *.radartoolkit.com *.exactlylabs.com *.eab.com *.hepdata.com cmich.libcal.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.cmich.edu *.cmuhealth.org *.lpsnmedia.net; child-src *.sitefinity.com *.cmich.edu cmich.azure-api.net blob: *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' web-chat.nativechat.com; form-action 'self' *.cmich.edu cmich.azure-api.net *.sitefinity.com *.facebook.com *.exlibrisgroup.com *.snapchat.com *.radartoolkit.com *.exactlylabs.com; frame-ancestors 'self' *.youtube.com *.cmich.edu *.cmuhealth.org *.sitefinity.com *.twitter.com *.radartoolkit.com *.exactlylabs.com; object-src cmich.azure-api.net *.sitefinity.com *.crazyegg.com *.facebook.net *.cmich.edu *.technolutions.net *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' |
| X-Xss-Protection | 1; mode=block |
| X-Fd-Int-Roxy-Purgeid | 66804026 |
| X-Powered-By | ASP.NET |
| X-Azure-Ref | 20250419T120728Z-16b49dc5d6d66z27hC1AMSse2n0000000a50000000001uds |
| Connection | keep-alive |
| Cache-Control | public, max-age=20, s-maxage=10 |
| Etag | W/"3b92e822-b244-4355-9722-c90f3052a53c" |
| X-Aspnet-Version | 4.0.30319 |
| Referrer-Policy | no-referrer-when-downgrade |
| Request-Context | appId=cid-v1:d57a69de-eb75-428e-b593-8635e2562bae |
| X-Content-Type-Options | nosniff |
| X-Cache | TCP_REVALIDATED_HIT |
| Date | Sat, 19 Apr 2025 12:07:29 GMT |
| Content-Type | text/html; charset=utf-8 |
| Expires | Sat, 19 Apr 2025 02:17:18 GMT |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Frame-Options | SAMEORIGIN |
| Access-Control-Expose-Headers | Request-Context |
| X-Cache-Info | L1_T2 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar