HTTP Headers Analysis for https://app.usersnap.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; connect-src; +7 more

default-src *.usersnap.com 'nonce-e5f9cb42e3423e5da35db73a14e61eb0'; script-src *.usersnap.com 'nonce-e5f9cb42e3423e5da35db73a14e61eb0' https://js.stripe.com *.facebook.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.googletagmanager.com www.google-analytics.com *.stream-io-api.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://r.wdfl.co; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com https://api.stripe.com https://www.googleapis.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com ws: wss: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.ingest.sentry.io https://stats.g.doubleclick.net https://formkeep.com https://api.getrewardful.com wss:; style-src *.usersnap.com 'unsafe-inline' fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.google.com; img-src *.usersnap.com blob: data: https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.comres.cloudinary.com https://intercom.help twemoji.maxcdn.com www.gravatar.com *.wp.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://i0.wp.com https://*.atlassian.net https://*.atlassian.com; media-src *.usersnap.com https://js.intercomcdn.com; font-src *.usersnap.com fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src *.usersnap.com https://js.stripe.com https://hooks.stripe.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.loom.com/; worker-src *.usersnap.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com; frame-ancestors 'self';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

0 headers

No caching headers found

Content Headers

1 headers

Content-Type

Content

text/html

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

AWSALBCORS=IfrN8RaYJChx+oSpX9zKRirSRhqg7rv64mbsboXukp86x3cExNpKpluEf1WRf54408kj9Fy9Ap8vqFj0GEB11J5VQgztYrOEPdW30JLdj43C/lwt8grgQQ77akNB; Expires=Tue, 10 Feb 2026 20:23:53 GMT; Path=/; SameSite=None; Secure

Other Headers

1 headers

Date

Other

Tue, 03 Feb 2026 20:23:53 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching