HTTP Headers Analysis for https://app.holaspirit.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains

Content-Security-Policy

Weak

frame-ancestors; frame-src

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

no-referrer, strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=*, camera=*, fullscreen=*, sync-xhr=(*)

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Cache-Control

Caching

no-cache

Etag

Caching

"695e5f95-43c"

Expires

Caching

Tue, 20 Jan 2026 01:15:06 GMT

Last-Modified

Caching

Wed, 07 Jan 2026 13:28:53 GMT

Content Headers

2 headers

Content-Length

Content

1084

Content-Type

Content

text/html

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Content-Security-Policy-Report-Only

Other

default-src data: 'self' ; img-src * data: ; script-src https://js.live.net https://app.satismeter.com https://widget.intercom.io https://js.intercomcdn.com https://*.google.com https://www.dropbox.com https://client.crisp.chat 'unsafe-eval' 'unsafe-inline' 'self' ; style-src https://fonts.googleapis.com https://client.crisp.chat 'self' 'unsafe-inline' ; font-src https://fonts.gstatic.com https://fonts.intercomcdn.com https://client.crisp.chat data:; connect-src 'self' https://app.satismeter.com https://sentry.io wss://ws-eu.pusher.com https://sockjs-eu.pusher.com https://status.holaspirit.com https://mx.holaspirit.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://client.relay.crisp.chat https://client.crisp.chat; manifest-src * ; frame-src https://join-az05.talkspirit.com https://docs.google.com/ ;frame-ancestors *.sharepoint.com; report-uri https://webhook.talkspirit.com/v1/incoming/csp-report;

Date

Other

Tue, 20 Jan 2026 01:15:07 GMT

X-Via

Other

web08

Recommendations

Enable compression (gzip/brotli) to improve performance