HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:03:42 GMT Content-Type: text/html;charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Last-Modified: Tue, 25 Mar 2025 20:03:42 GMT Strict-Transport-Security: max-age=31536000 Set-Cookie: metabase.DEVICE=691cd0bf-43dd-4b19-9b94-f42a6c7c3511; HttpOnly; Path=/; Expires=Sat, 25 Mar 2045 20:03:42 GMT; SameSite=Lax X-Permitted-Cross-Domain-Policies: none Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate X-Content-Type-Options: nosniff Content-Security-Policy: font-src *; script-src 'self' https://maps.google.com https://accounts.google.com 'sha256-9uFLu5CG8mWlvx0LK6lgendCxUX57TuWk3wkgZpBeWU=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE=' 'sha256-3N2Z+Nu++/yNMVHIl863JigVmt2Nr9gt2doEMJT2Wzk='; style-src 'self' 'nonce-LekzWCSLnz' https://accounts.google.com; manifest-src 'self'; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com ; img-src * 'self' data:; frame-src 'self' youtube.com *.youtube.com youtu.be *.youtu.be loom.com *.loom.com vimeo.com *.vimeo.com docs.google.com calendar.google.com airtable.com *.airtable.com typeform.com *.typeform.com canva.com *.canva.com codepen.io *.codepen.io figma.com *.figma.com grafana.com *.grafana.com miro.com *.miro.com excalidraw.com *.excalidraw.com notion.com *.notion.com atlassian.com *.atlassian.com trello.com *.trello.com asana.com *.asana.com gist.github.com linkedin.com *.linkedin.com twitter.com *.twitter.com x.com *.x.com; default-src 'none'; child-src 'self' https://accounts.google.com; frame-ancestors 'none'; Expires: Tue, 03 Jul 2001 06:00:00 GMT Server: Jetty(11.0.24)
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
