HTTP Headers Analysis for https://cf.conversionomics.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

frame-ancestors; default-src; object-src; +8 more

frame-ancestors 'self'; default-src 'self' https://*.googleapis.com; object-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/api.js 'sha256-4Te/oWiW3qn540oBP+o5nDsgoMXGYoFxKabxzTNpVCs=' 'sha256-3eAiGWsVE9d4n8F7BQCNTwcsM8SRA53OLRYoBiGCAcw=' 'sha256-d0Fgfw+4NXOASsrqrNfA9jkVTt63bKILsFDnkAxkUsg=' https://*.google-analytics.com https://*.helpscout.net https://apis.google.com https://*.hotjar.com https://*.clover.com; connect-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://analytics.google.com https://www.google-analytics.com https://*.cloudfront.net https://*.googleapis.com https://*.helpscout.net https://sockjs-helpscout.pusher.com wss://ws-helpscout.pusher.com https://*.gstatic.com https://*.googleusercontent.com https://apis.google.com https://cx-6u2s33mliq-uc.a.run.app https://c5-6u2s33mliq-uc.a.run.app https://nc-ai-agent-data-analyst-2jfu4lrr2q-uc.a.run.app https://nc-ai-agent-data-analyst-staging-2jfu4lrr2q-uc.a.run.app https://dcm-dot-conversionomics-5-staging.appspot.com/ https://us-central1-conversionomics-5-staging.cloudfunctions.net https://conversionomics-5-staging.firebaseio.com https://cx.conversionomics.com https://c5-26skr7fb3a-uc.a.run.app https://dcm-dot-conversionomics-5-production.appspot.com/ https://us-central1-conversionomics-5-production.cloudfunctions.net https://conversionomics-5-production.firebaseio.com https://cx-l6r3aldeha-uc.a.run.app https://dcm-dot-conversionomics-5-development.appspot.com/ https://us-central1-conversionomics-5-development.cloudfunctions.net https://conversionomics-5-development.firebaseio.com https://*.hotjar.com https://vc.hotjar.io:* wss://*.hotjar.com blob:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' https://www.gstatic.com/recaptcha/ https://*.googleusercontent.com https://*.googleapis.com https://www.google.com/images/ https://*.cloudfront.net https://script.hotjar.com https://*.clover.com; frame-src 'self' https://www.google.com/ https://app.conversionomics.com https://nc.conversionomics.com https://conversionomics-5-production.web.app https://conversionomics-5-production.firebaseapp.com https://conversionomics-5-staging.firebaseapp.com https://vars.hotjar.com https://www.youtube.com https://*.clover.com; worker-src 'self' blob:;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

x-fh-requested-host, accept-encoding

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Etag

Caching

"7e2c289478a2cd55b02a167eac68b50c5b07d479717982f6c5286185d4eeba9e"

Last-Modified

Caching

Mon, 22 Dec 2025 22:17:38 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

6 headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Tue, 23 Dec 2025 05:02:44 GMT

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Served-By

Other

cache-iad-kcgs7200136-IAD

X-Timer

Other

S1766466164.354479,VS0,VE117

Recommendations

Enable compression (gzip/brotli) to improve performance