HTTP Headers Analysis for https://cookieyes.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; object-src; +7 more

default-src 'self' data: https://*.gstatic.com https://*.tawk.to https://*.cloudflare.com https://fonts.intercomcdn.com https://fonts.bunny.net https://*.googlesyndication.com https://*.segment.com https://*.lottiefiles.com https://*.hotjar.com https://www.google.com https://api.segment.io https://*.clarity.ms https://c.bing.com ; img-src 'self' data: https://*.hotjar.com https://scatec.io https://*.bing.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://www.google.ie https://www.google.com https://*.google.es https://*.google.pl https://*.google.co.uk https://*.google.it https://*.google.de https://*.google.fr https://*.google.ca https://*.doubleclick.net https://*.twitter.com https://t.co https://embed.tawk.to https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.co.in https://*.linkedin.com https://*.clarity.ms https://c.bing.com https://*.cloudflare.com https://cookieyes.com https://*.googleusercontent.com https://*.cookieserve.com https://*.gravatar.com https://www.facebook.com https://i.ytimg.com https://cdn-cookieyes.com https://*.google-analytics.com;object-src 'none'; child-src 'self' https://*.google.com https://js.stripe.com https://www.googletagmanager.com https://*.cloudflare.com https://form.typeform.com https://*.reddit.com https://*.googlesyndication.com https://platform.twitter.com https://*.doubleclick.net https://calendly.com https://embed.reddit.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self' https://responsivetesttool.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://js.stripe.com https://scatec.io https://cdn-cookieyes.com https://analytics.ahrefs.com https://widget.intercom.io https://*.bing.com https://embed.reddit.com https://js.intercomcdn.com https://www.googleadservices.com https://embed.typeform.com https://*.cloudflare.com https://*.googlesyndication.com https://*.ads-twitter.com https://*.tawk.to https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.calendly.com https://snap.licdn.com https://*.cookieyes.com https://unpkg.com https://cdn.jsdelivr.net https://script.tapfiliate.com https://connect.facebook.net https://cdn.segment.com https://www.google.com https://www.gstatic.com https://*.getresponse.com https://*.clarity.ms https://*.gr-cdn.com https://*.googletagmanager.com https://*.hotjar.com https://*.googleoptimize.com https://*.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://embed.typeform.com https://*.tawk.to https://cdnjs.cloudflare.com https://www.gstatic.com https://fonts.bunny.net ;connect-src 'self' https://scatec.io https://frstre.com https://analytics.ahrefs.com https://google.com https://googleads.g.doubleclick.net https://api-iam.intercom.io https://www.googleadservices.com https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://api.typeform.com https://*.linkedin.com https://*.google.com https://*.tawk.to wss://*.tawk.to https://lottie.host https://*.googlesyndication.com https://*.lottiefiles.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://stats.g.doubleclick.net https://api.segment.io https://*.segment.com https://*.cookieserve.com https://*.cookielawinfo.com https://*.getresponse.com https://cdn-cookieyes.com https://log.cookieyes.com https://*.cookieyes.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com; upgrade-insecure-requests; block-all-mixed-content

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

no-referrer, strict-origin-when-cross-origin

Permissions-Policy

Present

fullscreen=(self), geolocation=*, camera=(),browsing-topics=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

3 headers

Connection

Performance

keep-alive

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding,User-Agent,Referer

Caching Headers

4 headers

Age

Caching

216000

Cache-Control

Caching

max-age=0

Expires

Caching

Thu, 20 Nov 2025 06:42:26 GMT

Last-Modified

Caching

Thu, 20 Nov 2025 06:10:08 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

5 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9a15f7a63fc2e5f1-IAD

Date

Other

Thu, 20 Nov 2025 06:42:27 GMT

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance