HTTP Headers Analysis for https://css.soprasteria.de

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; style-src; +6 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://cdn.insight.sitefinity.com https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/[email protected]/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/ https://js.datadome.co/tags.js js.datadome.co https://karriere.soprasteria.de https://karriere.css.soprasteria.de https://karriere.css.soprasteria.de/post_message_receiver.js https://cdn.mouseflow.com https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.usercentrics.eu embed.vev.page https://js-eu1.hsforms.net/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/ https://js-eu1.hs-analytics.net/ https://js-eu1.hubspot.com/ *.ceros.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com *.mouseflow.com https://go.soprahr.com/ *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.google.com/recaptcha/enterprise.js https://www.youtube.com/ *.inzynk.io https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net/npm/[email protected]/iXBRLViewerPlugin/viewer/dist/ixbrlviewer.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com data: https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.mouseflow.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://i.ytimg.com/ https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com *.usercentrics.eu https://www.buzzsprout.com https://forms-eu1.hsforms.com/ https://perf-eu1.hsforms.com/ https://track-eu1.hubspot.com/ js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.ads.linkedin.com i.vimeocdn.com https://www.soprasteria.nl https://www.soprasteria.lu *.mouseflow.com *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.soprasteria.be https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.fr https://www.google.com https://pagead2.googlesyndication.com; media-src 'self' data: blob: https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://www.youtube.com/ https://res.cloudinary.com https://smartcdn.dam.gettyimages.com/ https://cdn.soprasteria.com/ https://publish-p153311-e1620657.adobeaemcloud.com https://www.soprasteria.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://youtu.be/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://app.livestorm.co/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/ *.doubleclick.net https://it-economics.jobs.personio.de/ https://karriere.css.soprasteria.de https://soprasteria.jobs.personio.de/ https://view.ceros.com/ *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com *.hsforms.net *.hsforms.com https://forms-eu1.hsforms.com/ *.mouseflow.com https://go.soprahr.com/ *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.google.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com https://td.doubleclick.net https://go.pardot.com/; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ *.hsforms.com *.mouseflow.com; connect-src 'self' accounts.google.com. *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://stats.g.doubleclick.net/ https://www.linkedin.com/ *.linkedin.com https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.pa-cd.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io https://o2.mouseflow.com https://eu-api.friendlycaptcha.eu https://respondent.survicate.com https://survey.survicate.com *.usercentrics.eu https://forms-eu1.hsforms.com/ https://forms-eu1.hscollectedforms.net/ https://api-eu1.hubapi.com/ https://cta-eu1.hubspot.com/ *.hubapi.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.mouseflow.com https://www.google.com/ccm/collect https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

49886

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

1 headers

Date

Other

Thu, 25 Dec 2025 09:35:24 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance