| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Pragma | no-cache |
| Cache-Control | max-age=600, must-revalidate |
| X-Cache-Group | normal |
| Alt-Svc | h3=":443"; ma=86400 |
| Content-Type | text/html; charset=UTF-8 |
| Connection | keep-alive |
| Cf-Cache-Status | DYNAMIC |
| Server | cloudflare |
| Date | Mon, 07 Apr 2025 21:59:56 GMT |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Cache | HIT: 12 |
| Content-Security-Policy | child-src *.googletagmanager.com *.greenhouse.io *.vimeo.com app.qualified.com; connect-src *.clarity.ms *.6sc.co *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.cookiefirst.com *.google-analytics.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.forethought.ai *.linkedin.com *.vidyard.com *.vimeo.com *.6sense.co *.6sense.com *.d2l.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net *.g2.com www.redditstatic.com bam.nr-data.net pagead2.googlesyndication.com secure.adnxs.com www.google.co.in www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.br www.google.com.co www.google.com.mx www.google.ie 'self' 482-pda-858.mktoresp.com 482-pda-858.mktoutil.com app.qualified.com conversions-config.reddit.com data: eps.6sc.co my.yoast.com pixel-config.reddit.com prod.customershome.com region1.analytics.google.com tracking.g2crowd.com translate.googleapis.com wss://ws.qualified.com www.facebook.com www.google.ca www.googleadservices.com yoast.com vimeo.com; default-src *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.linkedin.com 'self' 'unsafe-inline' *.d2l.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com c.bing.com secure.adnxs.com 482-pda-858.mktoresp.com alb.reddit.com analytics.google.com connect.facebook.net data: googleads.g.doubleclick.net ipv6.6sc.co js.qualified.com munchkin.marketo.net origin.acuityplatform.com pixel-config.reddit.com 'self' tracking.g2crowd.com www.facebook.com www.google.com www.googletagmanager.com www.redditstatic.com www.youtube.com; font-src 'self' data: www.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com fonts.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; form-action 'self' www.facebook.com applications.zoom.us; frame-src *.googletagmanager.com *.greenhouse.io *.vidyard.com *.vimeo.com *.forethought.ai *.d2l.com 'self' capture.navattic.com applications.zoom.us app.qualified.com td.doubleclick.net www.facebook.com www.google.com www.youtube.com www.buzzsprout.com; img-src *.clarity.ms *.6sc.co *.mutinycdn.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.linkedin.com *.vidyard.com *.d2l.com cdn.shortpixel.ai i.ytimg.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net dl102401s.searchunify.com dl182403p.searchunify.com static.pheedloop.com google.com pagead2.googlesyndication.com consent.cookiefirst.com secure.adnxs.com www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.nz www.google.co.uk www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.bz www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.ly www.google.com.mx www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.ht www.google.hu www.google.ie www.google.it www.google.nl www.google.pt www.google.rs 'self' app.navattic.com c.bing.com alb.reddit.com data: fonts.gstatic.com secure.gravatar.com translate.google.com www.facebook.com www.google.ca blob:; media-src *.vimeo.com *.vimeocdn.com 'self' h5p.com app.qualified.com; object-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinycdn.com *.cookiefirst.com *.greenhouse.io *.forethought.ai *.vidyard.com *.vimeo.com *.d2l.com 'self' 'unsafe-inline' cdn.shortpixel.ai d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net apis.google.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com js.storylane.io munchkin.marketo.net origin.acuityplatform.com tracking.g2crowd.com unpkg.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yoast.com js.live.net www.dropbox.com; script-src *.6sc.co *.acuityplatform.com *.mutinycdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.vimeocdn.com *.vimeo.com *.greenhouse.io *.forethought.ai *.d2l.com 'self' 'unsafe-eval' 'unsafe-inline' js.navattic.com pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net consent.cookiefirst.com client-registry.cdn.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com munchkin.marketo.net tracking.g2crowd.com unpkg.com www.clarity.ms www.redditstatic.com; style-src-attr 'unsafe-inline' dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src-elem *.cookiefirst.com *.greenhouse.io *.d2l.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net 'self' 'unsafe-inline' data: fonts.googleapis.com www.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src 'self' 'unsafe-inline' d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net consent.cookiefirst.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; worker-src 'self' blob:; frame-ancestors app.mutinyhq.com applications.zoom.us; |
| Feature-Policy | geolocation={}, midi={}, sync-xhr={}, microphone={}, camera={}, magnetometer={}, gyroscope={}, fullscreen={self}, payment={} |
| Referrer-Policy | origin |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Cacheable | SHORT |
| Cf-Ray | 92cccb811f58a55c-AMS |
| Access-Control-Allow-Headers | Content-Type, Authorization |
| Access-Control-Allow-Origin | https://www.d2l.com |
| X-Xss-Protection | 1; mode=block |
| Vary | Accept-Encoding |
| Expires | Thu, 19 Nov 1981 08:52:00 GMT |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar