HTTP Headers Analysis for https://answerconnect.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; sandbox; +11 more

upgrade-insecure-requests; default-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-forms allow-downloads allow-popups-to-escape-sandbox allow-presentation ; frame-ancestors 'self' https://www.youtube.com/; form-action https://www.facebook.com/tr/; base-uri 'self';img-src 'self' https://www.google.co.in/ads/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ data: https://storage.googleapis.com/branddesignmanager/ https://storage.googleapis.com/answerconnect-website/ https://assets.answerconnect.com/ https://www.google.co.in/pagead/ https://www.google.com/ads/ga-audiences https://www.googletagmanager.com/ https://www.google.com/pagead/ https://bat.bing.com/action/ https://app.chatsupport.co/api/ https://sync.outbrain.com/ https://simage2.pubmatic.com/AdServer/ https://sync.taboola.com/ https://googleads.g.doubleclick.net/pagead/ https://px.ads.linkedin.com/ https://d.adroll.com/ https://p.adsymptotic.com/ https://dsum-sec.casalemedia.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://a.tribalfusion.com/ https://eb2.3lift.com/ https://ads.yahoo.com/cms/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://www.facebook.com/tr/ https://u.fg8dgt.com/ https://www.linkedin.com/px/ https://ups.analytics.yahoo.com/ups/ https://segments.company-target.com/ https://blip.bizrate.com/ https://analytics.twitter.com/i/ https://testgvbgjbhjb.com/ https://nxtck.com/ https://cm.g.doubleclick.net/ https://token.rubiconproject.com/ https://d.adroll.com/cm/ https://storage.googleapis.com/livesupport/chat/images/ https://google.com/ https://px.ads.linkedin.com/collect/ https://storage.googleapis.com/full-assets/ https://lh3.googleusercontent.com/ https://dp-sync.dotomi.com/ https://pix.impdesk.com/csync/ https://su.addthis.com/ https://aorta.clickagy.com/ https://sync.placelocal.com/ https://pixel.jumptap.com/e/v1/pixel/ https://www.storygize.net/ https://mmtro.com/cse/ https://rp.gwallet.com/r1/ https://cm.ctnsnet.com/int/ https://avatar.anywhere.app/files/ https://ds.reson8.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://t.myvisualiq.net/ https://ps.eyeota.net/ https://tag.clrstm.com/ https://sync.mediawallahscript.com/ https://pxl.connexity.net/ https://dmpsync.3lift.com/ https://ssp.videostat.com/ssp/ https://px.gumgum.com/liveramp/ https: https://*.chatsupport.co;script-src 'self' 'nonce-c8e55a8856cb4fcc87842f5ab16f6787' 'unsafe-eval' 'unsafe-inline' https://utt.impactcdn.com/ https://*.tiktok.com/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/ https://www.googletagmanager.com/ https://storage.googleapis.com/clientaccess/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://storage.googleapis.com/answerconnect-website/us/js/ https://www.googleoptimize.com/ https://static.hotjar.com/c/ https://*.chatsupport.co https://assets.answerconnect.com/common/js/ https://bat.bing.com/ https://cdn.callrail.com/companies/ https://www.clickcease.com/monitor/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud https://js.callrail.com/group/ https://widget.trustpilot.com/bootstrap/ https://px.ads.linkedin.com/ https://dc.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://s.adroll.com/ https://d.adroll.mgr.consensu.org/consent/ https://d.adroll.com/ https://script.hotjar.com/ https://app.chatsupport.co/api/ https://snap.licdn.com/li.lms-analytics/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://script.tapfiliate.com/ https://sc.lfeeder.com/ https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://g.microsoft.com/clarity/ https://signup.answerconnect.com/ https://assets.setmore.com/integration/static/setmoreIframeLive.js https://storage.googleapis.com/answerconnect-website/ https://*.clarity.ms/ https://*.taboola.com/ blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js https://unpkg.com/@fingerprintjs/[email protected]/dist/fp.min.js ;style-src 'self' 'unsafe-inline' https: https://assets.setmore.com/ ;font-src 'self' data: https://use.typekit.net https://storage.googleapis.com/livesupport/chat/fonts/ ;connect-src 'self' https://*.google-analytics.com/ https://o151188.ingest.us.sentry.io/ https://www.google.com/ https://answerconnect.pxf.io/ https://*.tiktok.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://api.chatsupport.co/api/ https://in.hotjar.com/ https://script.googleusercontent.com/macros/ https://signup.answerconnect.com/ https://signup.staging.answerconnect.com/ wss://rtmserver.anywhereworks.com/ https://vc.hotjar.io/ wss://vc.hotjar.io/ https://*.hotjar.com/ https://*.chatsupport.co https://o151188.ingest.sentry.io https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://capig.stape.ai/ wss://*.hotjar.com/ https://script.google.com/a/anywhere.co/macros/ https://optimize.google.com/ https://px.ads.linkedin.com/ https://dc.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://signup.staging.answerconnect.com/services/ https://js.callrail.com/ https://bat.bing.com/actionp/ https://monitor.clickcease.com/conversions/api/ https://www.facebook.com/tr/ https://frstre.com/ https://signup.answerconnect.com/ https://manager.eu.smartlook.cloud/rec/ https://assets-proxy.smartlook.cloud/ https://events-writer.smartlook.com/rec/ https://web-writer.sg.smartlook.cloud/rec/ https://*.smartlook.com https://*.smartlook.cloud https://hooks.zapier.com/ https://www.youtube.com/ https://cdn.linkedin.oribi.io/partner/1935674/domain/ https://*.clarity.ms/ https://storage.staging.answerconnect.com/app https://storage.answerconnect.com/app https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.taboola.com/ https://analytics.google.com/ https://region1.google-analytics.com/ ;media-src 'self' https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/answerconnect-website/ https://assets.answerconnect.com/anywhereworks/videos/ https://*.chatsupport.co;frame-src 'self' https://x.adroll.com/ https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://optimize.google.com/ https://bid.g.doubleclick.net/ https://widget.trustpilot.com/ https://my.setmore.com/ https://assets.setmore.com/ https://booking.setmore.com/ https://answerconnectus.setmore.com/ https://td.doubleclick.net/ https://www.youtube.com/ ;object-src 'self' https://storage.googleapis.com/ https://assets.answerconnect.com/ ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

fullscreen=("https://www.youtube.com/")

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding,Accept-Encoding, User-Agent

Caching Headers

2 headers

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Last-Modified

Caching

Fri Jan 16 20:54:56 UTC 2026

Content Headers

2 headers

Content-Length

Content

275648

Content-Type

Content

text/html;charset=utf-8

Server Headers

1 headers

Server

Google Frontend

CORS Headers

3 headers

Access-Control-Allow-Headers

Cors

Origin, Content-Type, Accept

Access-Control-Allow-Methods

Cors

GET

Access-Control-Allow-Origin

Cors

https://www.answerconnect.com

Cookies Headers

1 headers

Set-Cookie

Cookies

JSESSIONID=TgDf0JdXqtIWSzU8ckyPBw; Path=/; Secure

Other Headers

6 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Fri, 16 Jan 2026 20:54:57 GMT

Resp-Time

Other

1768596896905

Via

Other

1.1 google

X-Cloud-Trace-Context

Other

4fc7538420ce52f27b2d8ef6a7206c5b

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching