| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| Last-Modified | Fri, 18 Apr 2025 13:49:34 GMT |
| Etag | "cf03-6330dc9de1e46" |
| Accept-Ranges | bytes |
| Content-Length | 52995 |
| X-Frame-Options | SAMEORIGIN |
| Date | Mon, 21 Apr 2025 14:42:44 GMT |
| Server | Apache |
| Content-Security-Policy | default-src 'self'; connect-src newpaltz.edu www.newpaltz.edu admissions.newpaltz.edu communications.newpaltz.edu *.adroll.com jobsability.azurewebsites.net directline.botframework.com wss://directline.botframework.com *.clarity.ms stats.g.doubleclick.net *.google.com www.facebook.com www.google-analytics.com *.ibytedtos.com api.idonate.com *.tts.speech.microsoft.com wss://ai.ocelotbot.com *.ocelotbot.com *.snapchat.com *.technolutions.net analytics.tiktok.com api.zotero.org wss://*.youvisit.com; font-src *; frame-src *.newpaltz.edu app.acuityscheduling.com airtable.com map.concept3d.com w2.countingdownto.com www.dhs.gov *.e2ma.net staticxx.facebook.com www.facebook.com newpaltz.financialaidtv.com *.google.com accounts.google.com calendar.google.com www.googletagmanager.com *.idonate.com www.instagram.com cdn.knightlab.com newpaltz.knowmia.com my.matterport.com feed.mikle.com www.myatlascms.com *.ocelotbot.com prezi.com *.snapchat.com snapwidget.com w.soundcloud.com www.suny.edu *.tagboard.com free.timeanddate.com *.tiktok.com *.ttwstatic.com platform.twitter.com syndication.twitter.com *.unibuddy.co unibuddy.co player.vimeo.com vgrad.z19.web.core.windows.net newpaltz.wufoo.com newpaltzschoolofscience.wufoo.com www.youtube.com *.youvisit.com *.zenfolio.com; img-src * blob: data:; media-src 'self' data *.newpaltz.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newpaltz.edu *.adnxs.com c.amazon-adsystem.com cybba-bucket.s3.amazonaws.com emma-content-aggregates-prd.s3.amazonaws.com *.adroll.com cdn.botframework.com www.clarity.ms cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions *.cybba.us googleads.g.doubleclick.net *.dca0.com signup.e2ma.net connect.facebook.net www.google.com cse.google.com *.google-analytics.com www.googleadservices.com storage.googleapis.com www.googletagmanager.com *.ibytedtos.com *.idonate.com *.instagram.com code.jquery.com snap.licdn.com *.ocelotbot.com sc-static.net *.stackadapt.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com cdn.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; script-src-elem 'self' 'unsafe-inline' *.newpaltz.edu embed.acuityscheduling.com *.adroll.com www.clarity.ms emma-content-aggregates-prd.s3.amazonaws.com cdn.botframework.com emma-content-aggregates-prd.s3.amazonaws.com maxcdn.bootstrapcdn.com assets.calendly.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net d3gxy7nm8y4yjr.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions googleads.g.doubleclick.net signup.e2ma.net connect.facebook.net ajax.googleapis.com www.google.com *.ibytedtos.com *.instagram.com linkhelp.clients.google.com cse.google.com www.google.com/cse/static www.googleadservices.com *.google-analytics.com www.googletagmanager.com www.gstatic.com *.idonate.com code.jquery.com snap.licdn.com *.ocelotbot.com www.recaptcha.net sc-static.net tagboard.com *.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com platform.twitter.com *.twimg.com *.ttwstatic.com *.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; style-src 'self' 'unsafe-inline' *.newpaltz.edu maxcdn.bootstrapcdn.com cdnjs.cloudflare.com static-cdn.e2ma.net necolas.github.io www.google.com fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net *.ocelotbot.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com platform.twitter.com *.twimg.com *.technolutions.net; frame-ancestors 'self' https://admissions.newpaltz.edu; upgrade-insecure-requests; |
| X-Xss-Protection | 1; mode=block |
| Strict-Transport-Security | max-age=63072000; |
| Content-Type | text/html; charset=UTF-8 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar