HTTP Headers Analysis for https://contentserv.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

script-src; connect-src; img-src; +7 more

script-src 'unsafe-inline' 'unsafe-eval' https://www.contentserv.com https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent-eu1.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent10.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://js-eu1.hsforms.net/forms/embed/v2.js https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.facebook.net https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://*.hotjar.com https://secure.leadforensics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.algolia.net https://*.sentry-cdn.com https://*.amazonaws.com https://*.linkedin.com https://*.twitter.com https://td.doubleclick.net https://cdn.ampproject.org https://www.bugherd.com https://a.usbrowserspeed.com; connect-src https://www.contentserv.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://js-eu1.hsforms.net/forms/embed/v2.js https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.hotjar.com wss://ws.hotjar.com https://content.hotjar.io https://secure.leadforensics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.facebook.com https://*.twitter.com https://*.clarity.ms https://*.litix.io https://*.wistia.com https://*.wistia.net https://js.sentry-cdn.com https://google.com https://*.hotjar.io https://*.google.al https://*.google.com.ar https://*.google.at https://*.google.com.au https://*.google.ba https://*.google.be https://*.google.bg https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.co.in https://*.google.is https://*.google.it https://*.google.co.jp https://*.google.li https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sk https://*.google.com.tr https://*.google.com.ua https://*.google.co.uk https://www.googleadservices.com https://pro.ip-api.com https://td.doubleclick.net https://cdn.ampproject.org https://www.bugherd.com wss://ws-mt1.pusher.com https://salesviewer.org https://www.salesviewer.com/t; img-src * data:; frame-src https://www.contentserv.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://*.hsforms.net https://*.hsforms.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://*.facebook.com https://*.twitter.com https://www.google.com https://contentserv.jobs.personio.com; style-src 'unsafe-inline' blob: https://www.contentserv.com https://static.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent10.net https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fast.wistia.com; font-src https: data:; child-src blob: https://*.hsforms.com; media-src blob: data: https://*.wistia.com https://*.wistia.net; worker-src blob:;; upgrade-insecure-requests

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

s-maxage=36000, max-age=5

Etag

Caching

"aad4de52d548cac68f7f7c591380476b"

Last-Modified

Caching

Wed, 07 Jan 2026 08:42:59 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=QxOQNwgwI1cBbHZew2FB5UG0.Y1iBI_1qOo21k1JlTQ-1769861567062-0.0.1.1-604800000; path=/; domain=.www.contentserv.com; HttpOnly; Secure; SameSite=None

Other Headers

13 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Ray

Other

9c691e89f90fdb3c-IAD

Date

Other

Sat, 31 Jan 2026 12:12:47 GMT

Edge-Cache-Tag

Other

CT-305139752158,CT-320268928196,CT-320716402900,CT-320717022456,P-8210569,CW-177937164200,CW-305160231154,E-305155950823,PGS-ALL,SW-0,TS-177937624123

Link

Other

<https://www.contentserv.com/hubfs/hub_generated/module_assets/1/177937164200/1760530544750/module_Language_Switcher.min.css>; rel=preload; as=style,</hs/hsstatic/cos-LanguageSwitcher/static-1.336/sass/LanguageSwitcher.css>; rel=preload; as=style,<https://www.contentserv.com/hubfs/hub_generated/module_assets/1/305160231154/1765956453679/module_Home_Page_2025_-_Hero.min.css>; rel=preload; as=style

X-Hs-Cache-Config

Other

BrowserCache-5s-EdgeCache-180s

X-Hs-Cache-Control

Other

s-maxage=36000, max-age=0

X-Hs-Cf-Cache-Status

Other

HIT

X-Hs-Cfworker-Meta

Other

{"contentType":"SITE_PAGE","resolver":"PreRenderedContentResolver"}

X-Hs-Content-Id

Other

305139752158

X-Hs-Hub-Id

Other

8210569

X-Hs-Portal-Id

Other

8210569

X-Hs-Prerendered

Other

Wed, 07 Jan 2026 08:42:59 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance