Security Report Summary
R
Redirect: Click here to follow the redirect to https://www.jpmorgan.com/IE/en/about-us.
Site: https://www.jpmorgan.com/
IP Address: 23.72.36.240
Report Time: 10 Jun 2026 06:06:34 UTC
Headers:
  • X-Content-Type-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Frame-Options
  • Referrer-Policy
  • Permissions-Policy
Advanced:
Perform a deeper security analysis of your website and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/2302
x-content-type-optionsnosniff
locationhttps://www.jpmorgan.com/IE/en/about-us
content-length222
content-typetext/html; charset=iso-8859-1
varyAccept-Encoding
expiresWed, 10 Jun 2026 06:06:34 GMT
cache-controlmax-age=0, no-cache
pragmano-cache
dateWed, 10 Jun 2026 06:06:34 GMT
set-cookiehart=blue; path=/
set-cookieTS01be4e2d=010b80ed15cb82f48c02e7760655de7113fd95f8ac14cb20a1ac118fee76650069e01b77fbcafbe42b0af04c2a2c0be986d3635734; Path=/
set-cookieppnet_4236=!zycbPmumaeYguOvdLtIdPiN+FUkP74EWg1uF1p/nKk0EPYJdanDVVxuzqUFGRfWdm1vjtWGhF1WTXg==; path=/; Httponly; Secure
set-cookiegeo_country=IE; secure
set-cookiegeo_region=; secure
set-cookieAKA_A2=A; expires=Wed, 10-Jun-2026 07:06:34 GMT; path=/; domain=jpmorgan.com; secure; HttpOnly
server-timingcdn-cache; desc=MISS
server-timingedge; dur=84
server-timingorigin; dur=92
link<https://www.jpmorgan.com/content/dam/shared-assets/fonts/font-awesome/fa-sharp-regular-400.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.jpmorgan.com/content/dam/shared-assets/fonts/jpmorgan/global/amplitude-regular.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.jpmorgan.com/content/dam/shared-assets/fonts/jpmorgan/global/amplitude-medium.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.jpmorgan.com/content/dam/shared-assets/fonts/font-awesome/fa-brands-400.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.jpmorgan.com/content/dam/shared-assets/fonts/jpmorgan/global/Amplitude-Bold.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.jpmorgan.com/content/dam/shared-assets/fonts/jpmorgan/global/amplitude-light.woff2>;rel="preload";as="font";type="font/woff2";crossorigin
strict-transport-securitymax-age=15768000 ; includeSubDomains ; preload
server-timingak_p; desc="1781071594016_390604005_1607608467_17632_11849_0_4_15";dur=1
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
x-content-type-optionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
strict-transport-securityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.