Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Basic
default-src; script-src; connect-src; +9 more
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storylane.io js.qualified.com bat.bing-int.com www.googleadservices.com analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.visualwebsiteoptimizer.com play.vidyard.com wss://ws6.qualified.com app.vwo.com app.qualified.com google.com tsvc.bluebeam.com tsvc.bluebeam.com.au tsvc.bluebeam.se tsvc.bluebeam.co.uk tsvc.bluebeam-dev.com refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io attr.ml-api.io secure.adnxs.com s.ml-attr.com www.googleadservices.com obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com p.typekit.net use.typekit.net *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' use.typekit.net p.typekit.net *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' app.qualified.com *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' www.google.com *.storylane.io *.visualwebsiteoptimizer.com app.vwo.com blob: app.qualified.com www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; worker-src 'self' blob: ;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding,Cookie
Caching Headers
1 headers
Cache-Control
Caching
max-age=600, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
https://bluebeam2.my.salesforce-sites.com
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=nsnu26HukTGcljtDUSQDlw7NSNPxmxQpnrbYUdIc5ok-1768581929-1.0.1.1-_rd1oKZYx_k8I1iPKKwq47QIPEkXllyEubBN6AYzXMpXNR0ppXe_gtndTiit7gqTgwuOqWPEtUE_9ws557uUWatZ4fwl74UiXdAD1_Lr_Mk; path=/; expires=Fri, 16-Jan-26 17:15:29 GMT; domain=.www.bluebeam.com; HttpOnly; Secure; SameSite=None
Other Headers
9 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9bef15623d0582b7-IAD
Date
Other
Fri, 16 Jan 2026 16:45:29 GMT
Link
Other
<https://www.bluebeam.com/>; rel=shortlink
Permission-Policy
Other
geolocation=();midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
X-Cache
Other
HIT: 360
X-Cache-Group
Other
normal
X-Cacheable
Other
SHORT
Recommendations
Enable compression (gzip/brotli) to improve performance