| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Drupal-Cache | MISS |
| X-Cache-Hits | 29 |
| Date | Thu, 17 Apr 2025 00:49:32 GMT |
| Connection | keep-alive |
| Strict-Transport-Security | max-age=31536000 ; includeSubDomains |
| Content-Security-Policy | default-src 'self' *.collegeboard.org; script-src 'self' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com assets.adobedtm.com cdn.cookielaw.org bat.bing.com www.clarity.ms d.clarity.ms 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net cdn.heapanalytics.com widgets.getsitecontrol.com www.youtube.com *.salesforceliveagent.com service.force.com s.yimg.com connect.facebook.net ajax.cloudflare.com st.getsitecontrol.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ www.google.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js tpc.googlesyndication.com cdn.aimtell.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com conoret.com ucads-cdn.ucweb.com www.google-analytics.com www.pagespeed-mod.com bytedance.com sp.analytics.yahoo.com static.jungroup.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com *.appcues.net cb-zscaler-pages.s3.amazonaws.com; style-src 'self' *.collegeboard.org 'unsafe-inline' service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com *.my.salesforce-sites.com cdn.tt.omtrdc.net/cdn/adobetarget/admin.css d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net fonts.googleapis.com fonts.google.com 'unsafe-inline'; img-src 'self' *.collegeboard.org data: bat.bing.com www.facebook.com www.google.com *.doubleclick.net googleads.g.doubleclick.net *.clarity.ms *.heapanalytics.com app.getsitecontrol.com *.analytics.yahoo.com *.bing.com heapanalytics.com www.googletagmanager.com www.google.co.jp www.google.ca www.googletagmanager.com www.google.co www.google.com www.google.jo translate.google.com ssl.google-analytics.com d10lpsik1i8c69.cloudfront.net adservice.google.com *.appcues.com *.appcues.net res.cloudinary.com twemoji.maxcdn.com *; frame-src 'self' *.collegeboard.org www.surveygizmo.com bid.g.doubleclick.net googleads.g.doubleclick.net service.force.com beacon.aimtell.com tpc.googlesyndication.com datacloudstat.com www.facebook.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com s3.amazonaws.com/cdn.aimtell.com/ *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org *.webcasts.com td.doubleclick.net www.googletagmanager.com cb-zscaler-pages.s3.amazonaws.com us-east-1.quicksight.aws.amazon.com; frame-ancestors 'self' credentialfinder.org; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: st.getsitecontrol.com moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/ fonts.gstatic.com; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com www.facebook.com *.clarity.ms bat.bing.com app.getsitecontrol.com lambda.us-east-1.amazonaws.com signals.aimtell.com bam.nr-data.net settings.luckyorange.net cdn.aimtell.io log.aimtell.com s.yimg.com cognito-identity.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com beacon.aimtell.com adservice.google.com www.google.com api.ultimateaderaser.com privacyportal.onetrust.com adtonus.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com gjtrack.ucweb.com/collect heapanalytics.com log.kslogs.ru/timesince plugin.ucads.ucweb.com/api rdtds.net/siblings/find stats.g.doubleclick.net www.google-analytics.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com get663.com support.adcleanerpage.com hm.baidu.com/hm.gif dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net static.doubleclick.net full-apform.cs190.force.com yt3.ggpht.com cdn.mouseflow.com n2.mouseflow.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com |
| X-Akamai-Transformed | 9 - 0 pmb=mTOE,1 |
| Cache-Control | public, max-age=2764800 |
| Vary | Accept-Encoding |
| X-Generator | Drupal 10 (https://www.drupal.org) |
| X-Ah-Environment | prod |
| X-Age | 3038 |
| Access-Control-Allow-Origin | * |
| X-Content-Type-Options | nosniff |
| X-Request-Id | v-b80e1e1a-1b1c-11f0-ab5c-8fa143113eb8 |
| X-Frame-Options | SAMEORIGIN |
| Content-Type | text/html; charset=UTF-8 |
| X-Drupal-Dynamic-Cache | HIT |
| Content-Language | en |
| Last-Modified | Wed, 16 Apr 2025 23:44:20 GMT |
| Accept-Ranges | bytes |
| Expires | Mon, 19 May 2025 00:49:32 GMT |
| Set-Cookie | _abck=99254907497F3BC9DEDD782E18DB1352~-1~YAAQCf8TAowKwgqWAQAA6+04QQ00xOApgjwz1DqltNcnC2Mpuo+A+wWudMKLHEhlUcMfHp255wNqS8TdVZCxT29o3r3Bww/6+CWPbQuIg32Wc54i0DijO3V8NSRpTqQIVmrXA3QWE/9u5q7nVqapCI/HfYTnv80HJ+bnqNuunuUIWlbJGtexhdUtobMOmLwIllKAPsGTSD1Ggzh8v37vw+Hx2j9NTatgUiex5uaR+nXfz+WEiuM3MoNYuzUcoRDY7YsYmTZvOeE79wZFimGzuSp+yD6CC9eB9VltTT+cUyk/65KDH+1wAtuvcreebahwkKS8XwjMB+3VmTreKhzDefBJi8ZVOdodp3pf70D/3mb0C7Qy8nebEXjKEGJhv1bBjO7OBnIGbf/J9ag5EDw+vEzJRkCuReo9+OJos2IzbbXqB8M=~-1~-1~-1; Domain=.collegeboard.org; Path=/; Expires=Fri, 17 Apr 2026 00:49:32 GMT; Max-Age=31536000; Secure |
| Server | nginx |
| Etag | "1744847060-gzip" |
| X-Xss-Protection | 1; mode=block |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar