wealthmanagement.citi.com
Risk Score: 0
Last scanned: 2025-10-04 01:04:42 UTC • Duration: 10645ms
Total Scans: 2
CSP Status: Missing
Security Headers: 6
CSP Violations: 0
Security Headers
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), web-share=*, xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), hid=(), idle-detection=(), serial=(), window-placement=()
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31557600; includeSubDomains
Content Security Policy
Policy Source: header
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'nonce-831c9711a2fbe83f05228376586a3c74' 'strict-dynamic' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: citi.com *.citi.com *.google.com googletagmanager.com *.googletagmanager.com *.ensighten.com *.doubleclick.net *.analytics.yahoo.com bat.bing.com *.scorecardresearch.com *.demdex.com; object-src 'none'; connect-src 'self' *.citi.com *.google.com googletagmanager.com *.googletagmanager.com *.google-analytics.com *.ensighten.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.doubleclick.net *.tvpixel.com s.yimg.com bat.bing.com *.demdex.net; frame-src 'self' googletagmanager.com *.googletagmanager.com *.doubleclick.net *.demdex.net; form-action 'self'; base-uri 'self'; report-uri https://wealthmanagement.citi.com/_csp; report-to csp-reports;