HTTP Headers Analysis for https://2020brands.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Weak

upgrade-insecure-requests

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()

Recommendations

• Significantly strengthen CSP directives

Performance Headers

3 headers

Connection

Performance

Upgrade, close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding,User-Agent

Caching Headers

2 headers

Cache-Control

Caching

max-age=600

Expires

Caching

Fri, 16 Jan 2026 03:49:31 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Apache

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

5 headers

Content-Security-Policy-Report-Only

Other

default-src 'self' *.foxtrotmarketing.com *.2020brands.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org js.zohocdn.com www.googletagmanager.com www.gstatic.com salesiq.zohopublic.com salesiq.zoho.com www.google-analytics.com www.google.com ajax.googleapis.com *.foxtrotmarketing.com *.2020brands.com seal.godaddy.com; connect-src 'self' ws: wss: 'unsafe-inline' cdn.cookielaw.org *.foxtrotmarketing.com *.2020brands.com salesiq.zohopublic.com ws://vts.zohopublic.com wss://vts.zohopublic.com js.zohocdn.com www.google-analytics.com www.googletagmanager.com www.google.com salesiq.zoho.com stats.g.doubleclick.net *.analytics.google.com adservice.google.com t.clarity.markers f.clarity.ms analytics.google.com; img-src 'self' data: cdn.cookielaw.org *.foxtrotmarketing.com *.2020brands.com www.google-analytics.com seal.godaddy.com cdnp.sanmar.com www.google.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.foxtrotmarketing.com *.2020brands.com p.typekit.net use.typekit.net css.zohocdn.com js.zohocdn.com seal.godaddy.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; base-uri 'self' *.foxtrotmarketing.com *.2020brands.com; form-action 'self' *.foxtrotmarketing.com *.2020brands.com; frame-src 'self' *.foxtrotmarketing.com td.doubleclick.net *.2020brands.com www.google.com www.googletagmanager.com forms.zohopublic.com; frame-ancestors 'self' *.2020brands.com *.foxtrotmarketing.com app.hubspot.com creatorapp.zohopublic.com www.google.com; font-src 'self' data: *.foxtrotmarketing.com *.2020brands.com www.google.com use.typekit.net fonts.gstatic.com css.zohocdn.com themes.googleusercontent.com maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-ancestors 'self' *.2020brands.com *.foxtrotmarketing.com app.hubspot.com creatorapp.zohopublic.com www.google.com; script-src-elem 'self' 'unsafe-inline' *.foxtrotmarketing.com *.2020brands.com *.wistia.com ajax.googleapis.com cdn.pagesense.io code.jquery.com js-na1.hs-scripts.com js.authorize.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hubspot.com salesiq.zoho.com seal.godaddy.com stats.wp.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.clarity.ms; style-src-elem 'self' 'unsafe-inline' *.foxtrotmarketing.com *.2020brands.com www.google.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net fonts.googleapis.com www.gstatic.com; report-uri /csptesting/csp-reports.php

Date

Other

Fri, 16 Jan 2026 03:39:31 GMT

Link

Other

<https://www.foxtrotmarketing.com/wp-json/>; rel="https://api.w.org/", <https://www.foxtrotmarketing.com/wp-json/wp/v2/pages/108>; rel="alternate"; title="JSON"; type="application/json", <https://www.foxtrotmarketing.com/>; rel=shortlink

Upgrade

Other

h2,h2c

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance