HTTP Headers Analysis for https://clario.co

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; frame-src; child-src; +6 more

default-src 'self' *.clario.co *.kromtech.net *.altcdn.co;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com https://*.google.com https://*.hotjar.com *.clario.co *.altcdn.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.trustpilot.com *.googletagmanager.com https://dl2.clario.co/;child-src 'self';img-src 'self' *.kromtech.net *.clario.co *.altcdn.co *.ytimg.com data: *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.taboola.com *.googletagmanager.com *.clarity.ms *.linkedin.com/ https://p.adsymptotic.com https://impressions.onelink.me https://unpkg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clario.co *.altcdn.co *.google.com *.taboola.com https://*.google.com *.gstatic.com https://*.gstatic.com *.google-analytics.com https://*.google-analytics.com *.googletagmanager.com https://*.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com https://*.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net https://*.kromtech.net *.doubleclick.net *.youtube.com *.ytimg.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleoptimize.com/ https://snap.licdn.com https://websdk.appsflyer.com *.trustpilot.com *.sentry-cdn.com http://cdn.mxpnl.com *.mackeeper.com *.clarity.ms https://api.account.mackeeper.com https://api.account.sz.mackeeper.com;style-src 'self' 'unsafe-inline' *.clario.co *.altcdn.co *.googleapis.com *.kromtech.net https://*.kromtech.net *.google.com *.googletagmanager.com https://zchat.account.sz.clario.co https://zchat.account.clario.co https://zchat.account.mackeeper.com https://zchat.account.sz.mackeeper.com;font-src 'self' data: *.clario.co *.altcdn.co *.gstatic.com *.hotjar.com *.kromtech.net https://*.kromtech.net https://zchat.account.sz.clario.co https://zchat.account.clario.co https://cdn.appsflyer.com https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com;object-src 'self';connect-src 'self' *.clario.co *.altcdn.co http://clario.co https://clario.co *.google.com *.kromtech.net http://kromtech.net https://kromtech.net *.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google-analytics.com *.taboola.com wss://*.hotjar.com https://*.hotjar.com https://firebasedynamiclinks.googleapis.com/ *.appsflyer.com https://sentry.cloudmccloud.com https://api-js.mixpanel.com https://crm.account.mackeeper.com https://crm.account.sz.mackeeper.com https://chat-crm.account.mackeeper.com https://chat-crm.account.sz.mackeeper.com/ *.mackeeper.com *.clarity.ms *.sentry-cdn.com https://api.account.mackeeper.com https://api.account.sz.mackeeper.com https://api-ne.mackeeper.com

X-Frame-Options

Present

: allow-from https://www.youtube.com https://giphy.com https://vimeo.com https://clario.co https://sz.clario.co https://www.slideshare.net

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

no-cache, private

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

country=US; expires=Mon, 22-Jun-2026 17:35:40 GMT; Max-Age=15552000; path=/; domain=.clario.co; secure; httponly; samesite=lax

Other Headers

1 headers

Date

Other

Wed, 24 Dec 2025 17:35:40 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance