HTTP Headers Analysis for https://creatio.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

script-src; script-src-elem; frame-ancestors; +2 more

script-src 'self' 'nonce-b1ce698b566ec20fa14a2a07b248e840' 'strict-dynamic' 'sha256-3Q7Fer8VTVLBYfrpLbYBTwQkF9lmBnkJeuVShwQexS4=' 'sha256-Y5IFCmhYJPeYnnxHExQbP71aYPdfo8QhW52lqZ3+e8s=' 'sha256-pEbW1vfmjdEXxHaLC2MsW7FC79gH/35q+LEsXPH5vpM=' 'sha256-cH01299cZjq8b/f0ckDCzJP0qmI7L42T6JQdKnaW17g=' 'sha256-PeCBPuhqzZB21Syy61T2kFckbFtt7p1Op6K4ir2SoP4=' 'sha256-7ZLbZOp/U87ra/W1xjXAbujkCGRI0H0ouZM3uQiMoXg=' 'sha256-K1EvWOm2FWNOEX1/1prAtZhEFqHPu5J3bnu5uZ9vGAQ=' 'sha256-euuuZNr+eaDixtsO5Zp6wEpaN1qB33RCkHW55SNE78c=' 'sha256-taDM5hlEU3GKhB8zqkqzmJ/2GyuX88T+Vaa3jRyD9Uo=' 'sha256-Y5IFCmhYJPeYnnxHExQbP71aYPdfo8QhW52lqZ3+e8s=' 'sha256-PeCBPuhqzZB21Syy61T2kFckbFtt7p1Op6K4ir2SoP4=' 'sha256-7ZLbZOp/U87ra/W1xjXAbujkCGRI0H0ouZM3uQiMoXg=' 'sha256-K1EvWOm2FWNOEX1/1prAtZhEFqHPu5J3bnu5uZ9vGAQ=' 'sha256-euuuZNr+eaDixtsO5Zp6wEpaN1qB33RCkHW55SNE78c=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-taDM5hlEU3GKhB8zqkqzmJ/2GyuX88T+Vaa3jRyD9Uo=' 'sha256-s1/jMWC705QbAX8+P4Ty1Ce8EMOeuAGqI+hJ+pyK+gM=' 'sha256-PRMWS4ECvr6YujA6g9ufhzIjsfD/0/Mj0MvHIZXk+5U=' 'sha256-u4lsTgfOCZMrfyPr+Rbh0h5gStzCz8oAcS9duESdRUM=' 'sha256-1rWysHw8RNR5A5g0ClWRDZknrWAfmV2OzlI6EaIj6kA=' 'sha256-M7AuWmSvpzFQm4SS8EePwuJNQCgMLFr52oz6le6TEsg=' 'sha256-oWdPUohf0zSZdOunpZD2EKpOeXpV5XsHveey7nijmlE=' 'sha256-/08+/pOIbP2O/MDoeI7B0Gmc9Dw7xUk7errprXPtcn4=' 'sha256-rm73FNM100MK8Q7OQA44UblVHfjVjGe1R2RLLrbf9yw=' 'sha256-iYoImlxV+SuExv63r0FRgV8nLxEedfFtm4p2f0U04Pk=' 'sha256-Uz0yn00PqpvyPuK+MptaAirzRCPwuCU4Vhj/iAbfJxk=' 'sha256-pSKoa5DbpWOyKoO3mAdwvShgFxkhqYpdHZrzhWY+/IA=' 'sha256-l9qCt/biX7q1hPnjVaa6uFB/ZE6J6DL1zE8jcp+ymG8=' 'sha256-PRMWS4ECvr6YujA6g9ufhzIjsfD/0/Mj0MvHIZXk+5U=' 'sha256-bcB+2Flb43KiqxHny+wUQIAHKW9WtTOot4cLUfJckWQ=' 'sha256-Ns8iiUSFKbT1I3cdYhn5yrR2ZDy0arXwT3iT4yM2D1g=' 'sha256-Sp6ckhRSfiqC2HJ9pQZzWyOqePJvlA9avbxyvurnCQY=' www.google.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com www.youtube.com consent.cookiebot.com consentcdn.cookiebot.com libraries.creatio.com marketplace.creatio.com d3a7ykdi65m4cy.cloudfront.net maps.googleapis.com www.influ2.com js.intercomcdn.com widget.intercom.io bat.bing.com connect.facebook.net s.yimg.com a.quora.com sc.lfeeder.com ws.zoominfo.com a.plerdy.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io unpkg.com webtracking-v01.creatio.com mdbootstrap.com ct.capterra.com www.getapp.com js.stripe.com devakatalk.com pixel.byspotify.com snap.licdn.com tag.demandbase.com script.hotjar.com static.ada.support ddwl4m2hdecbv.cloudfront.net scripts.clarity.ms dev.visualwebsiteoptimizer.com; script-src-elem 'self' 'nonce-b1ce698b566ec20fa14a2a07b248e840' 'sha256-3Q7Fer8VTVLBYfrpLbYBTwQkF9lmBnkJeuVShwQexS4=' 'sha256-Y5IFCmhYJPeYnnxHExQbP71aYPdfo8QhW52lqZ3+e8s=' 'sha256-pEbW1vfmjdEXxHaLC2MsW7FC79gH/35q+LEsXPH5vpM=' 'sha256-cH01299cZjq8b/f0ckDCzJP0qmI7L42T6JQdKnaW17g=' 'sha256-PeCBPuhqzZB21Syy61T2kFckbFtt7p1Op6K4ir2SoP4=' 'sha256-7ZLbZOp/U87ra/W1xjXAbujkCGRI0H0ouZM3uQiMoXg=' 'sha256-K1EvWOm2FWNOEX1/1prAtZhEFqHPu5J3bnu5uZ9vGAQ=' 'sha256-euuuZNr+eaDixtsO5Zp6wEpaN1qB33RCkHW55SNE78c=' 'sha256-taDM5hlEU3GKhB8zqkqzmJ/2GyuX88T+Vaa3jRyD9Uo=' 'sha256-Y5IFCmhYJPeYnnxHExQbP71aYPdfo8QhW52lqZ3+e8s=' 'sha256-PeCBPuhqzZB21Syy61T2kFckbFtt7p1Op6K4ir2SoP4=' 'sha256-7ZLbZOp/U87ra/W1xjXAbujkCGRI0H0ouZM3uQiMoXg=' 'sha256-K1EvWOm2FWNOEX1/1prAtZhEFqHPu5J3bnu5uZ9vGAQ=' 'sha256-euuuZNr+eaDixtsO5Zp6wEpaN1qB33RCkHW55SNE78c=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-taDM5hlEU3GKhB8zqkqzmJ/2GyuX88T+Vaa3jRyD9Uo=' 'sha256-s1/jMWC705QbAX8+P4Ty1Ce8EMOeuAGqI+hJ+pyK+gM=' 'sha256-PRMWS4ECvr6YujA6g9ufhzIjsfD/0/Mj0MvHIZXk+5U=' 'sha256-u4lsTgfOCZMrfyPr+Rbh0h5gStzCz8oAcS9duESdRUM=' 'sha256-1rWysHw8RNR5A5g0ClWRDZknrWAfmV2OzlI6EaIj6kA=' 'sha256-M7AuWmSvpzFQm4SS8EePwuJNQCgMLFr52oz6le6TEsg=' 'sha256-oWdPUohf0zSZdOunpZD2EKpOeXpV5XsHveey7nijmlE=' 'sha256-/08+/pOIbP2O/MDoeI7B0Gmc9Dw7xUk7errprXPtcn4=' 'sha256-rm73FNM100MK8Q7OQA44UblVHfjVjGe1R2RLLrbf9yw=' 'sha256-iYoImlxV+SuExv63r0FRgV8nLxEedfFtm4p2f0U04Pk=' 'sha256-Uz0yn00PqpvyPuK+MptaAirzRCPwuCU4Vhj/iAbfJxk=' 'sha256-pSKoa5DbpWOyKoO3mAdwvShgFxkhqYpdHZrzhWY+/IA=' 'sha256-l9qCt/biX7q1hPnjVaa6uFB/ZE6J6DL1zE8jcp+ymG8=' 'sha256-PRMWS4ECvr6YujA6g9ufhzIjsfD/0/Mj0MvHIZXk+5U=' 'sha256-bcB+2Flb43KiqxHny+wUQIAHKW9WtTOot4cLUfJckWQ=' 'sha256-Ns8iiUSFKbT1I3cdYhn5yrR2ZDy0arXwT3iT4yM2D1g=' 'sha256-Sp6ckhRSfiqC2HJ9pQZzWyOqePJvlA9avbxyvurnCQY=' www.google.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com www.youtube.com consent.cookiebot.com consentcdn.cookiebot.com libraries.creatio.com marketplace.creatio.com d3a7ykdi65m4cy.cloudfront.net maps.googleapis.com www.influ2.com js.intercomcdn.com widget.intercom.io bat.bing.com connect.facebook.net s.yimg.com a.quora.com sc.lfeeder.com ws.zoominfo.com a.plerdy.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io unpkg.com webtracking-v01.creatio.com mdbootstrap.com ct.capterra.com www.getapp.com js.stripe.com devakatalk.com pixel.byspotify.com snap.licdn.com tag.demandbase.com script.hotjar.com static.ada.support ddwl4m2hdecbv.cloudfront.net scripts.clarity.ms dev.visualwebsiteoptimizer.com; frame-ancestors 'self' *.creatio.com; object-src 'none'; base-uri 'none'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

0

Cache-Control

Caching

must-revalidate, no-cache, private

Expires

Caching

Sun, 19 Nov 1978 05:00:00 GMT

Content Headers

2 headers

Content-Language

Content

en

Content-Type

Content

text/html; charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_1845_2180455=8q+YY4/b43+EhKT6TsKaGSm6ZWkAAAAAqP3z/3eAz6m1Wj+dPQnLFQ==; path=/; Domain=.creatio.com; Secure; SameSite=None

Other Headers

7 headers

Cache-Tags

Other

MISS

Date

Other

Tue, 13 Jan 2026 03:21:13 GMT

Link

Other

<https://www.creatio.com>; rel="alternate"; hreflang="x-default"

X-Cdn

Other

Imperva

X-Drupal-Cache

Other

UNCACHEABLE (response policy)

X-Drupal-Dynamic-Cache

Other

HIT

X-Iinfo

Other

55-268574960-268574963 NNNN CT(93 96 0) RT(1768274473534 7) q(0 0 2 5) r(3 5) U9

Recommendations

Enable compression (gzip/brotli) to improve performance