HTTP Headers Analysis for https://answerforce.co.uk

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; sandbox; +12 more

upgrade-insecure-requests; default-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-forms allow-presentation allow-popups-to-escape-sandbox; frame-ancestors 'none'; form-action https://www.facebook.com/tr/; base-uri 'self'; report-uri 'none';img-src 'self' https://assets.answerforce.com/ https://storage.googleapis.com/answerforce/anfo-v2/icon-checkmark-green.svg https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/1p-user-list/ https://www.googletagmanager.com/ https://www.google.co.in/pagead/ https://p.adsymptotic.com/d/ https://www.google.co.in/ads/ https://www.google.com/ads/ https://d.adroll.com/ https://dsum-sec.casalemedia.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://sync.taboola.com/ https://*.chatsupport.co https://eb2.3lift.com/ https://ads.yahoo.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://ups.analytics.yahoo.com/ https://www.facebook.com/tr/ https://ds.reson8.com/ https://segments.company-target.com/ https: data: ;script-src 'self' 'unsafe-inline' 'nonce-2a95f589d5b8445fb4548ea2691a2696' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://unpkg.com/wavesurfer.js https://storage.googleapis.com/clientaccess/registration/ https://assets.answerforce.com/common/js/ https://ipinfo.io/ https://unpkg.com/[email protected]/dist/aos.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/ https://signup.staging.answerforce.com https://signup.answerforce.com https://script.hotjar.com/ https://d.adroll.mgr.consensu.org/consent/ https://s.adroll.com/j/ https://script.hotjar.com/ https://d.adroll.mgr.consensu.org/ https://d.adroll.com/consent/check/ https://www.google-analytics.com/analytics.js https://d.adroll.com/ https://*.smartlook.com https://*.smartlook.cloud https://connect.facebook.net/ https://app.anywherehelp.io/api/client/ https://www.clickcease.com/monitor/stat.js https://app.chatsupport.co/api/client/get/script/ https://*.chatsupport.co blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ ;style-src 'self' 'unsafe-inline' https: ;font-src 'self' data: https://use.typekit.net https://storage.googleapis.com/livesupport/chat/fonts/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/ ;connect-src 'self' https://o151188.ingest.us.sentry.io/ https://stats.g.doubleclick.net/ https://in.hotjar.com/api/v2/client/sites/ https://manager.eu.smartlook.cloud/rec/ https://o151188.ingest.sentry.io https://*.google-analytics.com/ https://assets-proxy.smartlook.cloud/ https://events-writer.smartlook.com/ https://web-writer.sg.smartlook.cloud/ https://*.smartlook.com https://*.smartlook.cloud https://vc.hotjar.io/sessions/ https://api.chatsupport.co wss://rtmserver.anywhereworks.com/ https://signup.answerforce.com https://signup.staging.answerforce.com https://ipinfo.io https://*.hotjar.com wss://*.hotjar.com https://storage.staging.answerforce.com/app https://storage.answerforce.com/app https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.chatsupport.co https://www.googletagmanager.com/ ;media-src 'self' https://storage.googleapis.com/livesupport/ https://*.chatsupport.co ;frame-src 'self' https://www.googletagmanager.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net/ https://*.setmore.com ;object-src 'self' ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding,Accept-Encoding, User-Agent

Caching Headers

2 headers

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Last-Modified

Caching

Fri Jan 16 02:48:54 UTC 2026

Content Headers

3 headers

Content-Language

Content

en-US

Content-Length

Content

54830

Content-Type

Content

text/html;charset=iso-8859-1

Server Headers

1 headers

Server

Google Frontend

CORS Headers

3 headers

Access-Control-Allow-Headers

Cors

Origin, Content-Type, Accept

Access-Control-Allow-Methods

Cors

GET

Access-Control-Allow-Origin

Cors

https://www.answerforce.com

Cookies Headers

1 headers

Set-Cookie

Cookies

JSESSIONID=o5O3HfUVWIDSJLci4XdCyw; Path=/; Secure

Other Headers

6 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Fri, 16 Jan 2026 02:48:54 GMT

Resp-Time

Other

1768531734484

Via

Other

1.1 google

X-Cloud-Trace-Context

Other

4ded2f0d98b9e42d406e703a73c73c3f

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching