HTTP Headers Analysis for https://bolddesk.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

script-src; style-src; object-src; +3 more

script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: cdn.ampproject.org cdn-cookieyes.com https://calendly.com https://assets.calendly.com/ https://operations.syncfusion.com https://scripts.clarity.ms https://app.storylane.io js.storylane.io https://ajax.cloudflare.com https://api.onesignal.com https://accounts.google.com https://alcdn.msauth.net static.cloudflareinsights.com https://ipapi.co https://static.cloudflareinsights.com/ https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com onesignal.com cdn.onesignal.com cdn.bolddesk.com app.factors.ai snap.licdn.com connect.facebook.net a.omwpapi.com a.omappapi.com api.factors.ai us-assets.i.posthog.com googleads.g.doubleclick.net legalforms.syncfusion.com tracking.g2crowd.com www.google.com startup.bolddesk.com www.gstatic.com cdnjs.cloudflare.com fast.wistia.com www.clarity.ms www.googletagmanager.com image.crisp.chat www.youtube.com storage.googleapis.com use.typekit.net ajax.googleapis.com client.crisp.chat www.bolddesk.com apis.google.com script.hotjar.com static.hotjar.com bat.bing.com bat.bing-int.com static.ads-twitter.com https://support.bolddesk.com www.redditstatic.com r.wdfl.co www.google-analytics.com; style-src 'self' 'unsafe-inline' storage.googleapis.com https://calendly.com https://assets.calendly.com/ legalforms.syncfusion.com cdn.bolddesk.com https://onesignal.com a.omappapi.com www.clarity.ms https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com www.googletagmanager.com fonts.googleapis.com image.crisp.chat startup.bolddesk.com cdn.ampproject.org client.crisp.chat www.bolddesk.com https://accounts.google.com https://alcdn.msauth.net script.hotjar.com static.hotjar.com; object-src 'none' ; img-src 'self' data: i.ytimg.com bat.bing.com https://calendly.com https://assets.calendly.com/ cdn-cookieyes.com https://cdn.bolddesk.com/chat/asset/CSAT_face_reaction_icon_v2.webp https://img.onesignal.com https://support.bolddesk.com https://cdnjs.cloudflare.com https://flagcdn.com px.ads.linkedin.com px4.ads.linkedin.com images.unsplash.com www.google.co.in www.facebook.com a.omappapi.com a.omwpapi.com www.google.com api.producthunt.com www.linkedin.com fonts.gstatic.com api.qrserver.com cdn.ampproject.org embed-ssl.wistia.com c.clarity.ms wp-rocket.me c.bing.com image.crisp.chat storage.googleapis.com www.clarity.ms www.youtube.com sp-ao.shortpixel.ai p.typekit.net secure.gravatar.com client.crisp.chat www.bolddesk.com www.googletagmanager.com static.hotjar.com t.co analytics.twitter.com fast.wistia.com alb.reddit.com www.google-analytics.com; frame-src 'self' a.omwpapi.com https://calendly.com https://assets.calendly.com/ https://operations.syncfusion.com https://app.storylane.io js.storylane.io www.youtube.com https://www.facebook.com/ www.googletagmanager.com https://accounts.google.com https://alcdn.msauth.net legalforms.syncfusion.com td.doubleclick.net startup.bolddesk.com www.google.com static.hotjar.com wp-rocket.me https://support.bolddesk.com; frame-ancestors 'self' wp-rocket.me www.youtube.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Age

Caching

12124

Cache-Control

Caching

max-age=1800, must-revalidate

Expires

Caching

Sat, 20 Dec 2025 11:52:37 GMT

Last-Modified

Caching

Fri, 19 Dec 2025 16:57:49 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9b101742ff428214-IAD

Date

Other

Sat, 20 Dec 2025 15:14:41 GMT

Server-Timing

Other

cfEdge;dur=18,cfOrigin;dur=0

Via

Other

1.1 google

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance