| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Date | Tue, 08 Apr 2025 10:33:02 GMT |
| Content-Security-Policy | default-src 'self' about: data: blob: analytics.google.com bam.nr-data.net app.energycap.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.weather.gov; script-src 'self' about: data: blob: *.twitter.com *.polyfill.io *.amazonaws.com *.hdrelay.com manage.hdrelay.com *.monsido.com *.googleapis.com 'unsafe-eval' 'unsafe-inline' *.kampyle.com *.medallia.com visualsponline.azurewebsites.net *.nr-data.net *.force.com *.newrelic.com *.google-analytics.com *.ads-twitter.com *.browsealoud.com *.cloudflare.com *.ctctcdn.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com t.ifvox.com v2.libanswers.com *.licdn.com www.peakdemocracy.com *.sharethis.com public.tableau.com cdn.syndication.twimg.com *.cloudfront.net connect.facebook.net *.newrelic.com vjs.zencdn.net firstsearch.oclc.org *.typeform.com *.instagram.com cdn.rawgit.com cdn.jsdelivr.net a.fsdn.com/con/js/sftheme/vendor/modernizr.3.3.1.custom.js cdn.datatables.net; style-src 'self' 'unsafe-inline' *.force.com *.browsealoud.com ws.sharethis.com events.constantcontact.com static.ctctcdn.com *.googleapis.com *.gstatic.com cdn-images.mailchimp.com static.mailerlite.com ton.twimg.com platform.twitter.com vjs.zencdn.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.datatables.net; img-src 'self' data: blob: * www.google.es *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com *.ytimg.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net firstsearch.oclc.org www.google.it www.google.pt www.google.com.ph www.google.com.om www.google.co.uk www.google.com.mx www.google.de www.google.co.in; frame-src 'self' *.waze.com td.doubleclick.net app.energycap.com api.exchqzdata.com datasd.typeform.com data: *.medallia.com *.amazonaws.com *.arcgis.com sandiego.bibliocommons.com www.facebook.com support.gale.com *.google.com portal.hdontap.com manage.hdrelay.com cdn.knightlab.com stories.opengov.com www.opentownhall.com www.peakdemocracy.com prezi.com sandiego.seamlessdocs.com public.tableau.com app.truelook.com *.twitter.com player.vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.sandiego.gov *.sharethis.com c.sharethis.mgr.consensu.org *.granicus.com app.powerbigov.us *.instagram.com *.hylandcloud.com app.truelook.cloud *.smartsheet.com padlet.com *.indigov.com *.office365.com forms.office.com data.census.gov; font-src 'self' data: *.force.com themes.googleusercontent.com fonts.gstatic.com *.sandiego.gov vjs.zencdn.net fonts.googleapis.com cdnjs.cloudflare.com; connect-src 'self' data: blob: www.google.ca *.hdrelay.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.us-west-2.amazonaws.com wss://*.us-west-2.amazonaws.com; report-uri /report-csp-violation |
| Expires | Sun, 19 Nov 1978 05:00:00 GMT |
| Server | nginx |
| X-Drupal-Cache | MISS |
| Content-Type | text/html; charset=UTF-8 |
| Permissions-Policy | accelerometer=(), autoplay=self, bluetooth=(), camera=(), gyroscope=(), magnetometer=(), microphone=(), screen-wake-lock=(), usb=() |
| Etag | W/"1744108041" |
| X-Drupal-Dynamic-Cache | UNCACHEABLE (poor cacheability) |
| X-Styx-Req-Id | 0e1719fb-1464-11f0-ae24-2277a86cbb0c |
| Accept-Ranges | bytes |
| Via | 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish |
| X-Served-By | cache-chi-kigq8000122-CHI, cache-ams2100085-AMS, cache-ams21024-AMS, cache-ams21024-AMS |
| X-Pantheon-Styx-Hostname | styx-fe3-b-657bb69d44-6j2sp |
| Connection | keep-alive |
| Strict-Transport-Security | max-age=31622400; includeSubDomains; preload |
| Cache-Control | max-age=86400, public |
| X-Content-Type-Options | nosniff |
| Age | 340 |
| X-Cache-Hits | 5, 0, 0, 0 |
| Content-Language | en |
| Last-Modified | Tue, 08 Apr 2025 10:27:21 GMT |
| X-Frame-Options | SAMEORIGIN |
| X-Timer | S1744108383.938002,VS0,VE9 |
| Vary | Accept-Encoding, Cookie, Origin, Cookie, Cookie |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Generator | Drupal 10 (https://www.drupal.org) |
| X-Cache | HIT, HIT, MISS, MISS |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar