HTTP Headers Analysis for https://dev.sqdc.st

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

report-uri; report-to; upgrade-insecure-requests; +15 more

report-uri /functions/log-csp; report-to logcsp; upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self' https://www.facebook.com; base-uri 'self'; default-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'unsafe-inline' 'self'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://unpkg.com/@daily-co/daily-js https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://squadcast-fm.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://squadcast-fm.zendesk.com wss://*.zopim.com; object-src 'self'; frame-src 'self' https://squadcast-cloud-recordings.s3.us-east-2.amazonaws.com/ https://squadcast-beta-cloud-recordings.s3.us-east-2.amazonaws.com https://*.daily.co https://www.facebook.com https://www.google.com https://js.stripe.com https://*.squadcast.fm https://*.appspot.com https://*.uc.r.appspot.com https://*.firebaseapp.com; img-src 'self' data: https://squadcast.fm https://*.giphy.com https://www.facebook.com https://*.googleapis.com https://*.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' blob: https://*.googleapis.com blob: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 data:; script-src-elem 'self' 'unsafe-inline' blob: https://www.google.com https://www.gstatic.com https://apis.google.com https://connect.facebook.net https://public.profitwell.com https://script.tapfiliate.com https://analytics.tiktok.com https://beacon-v2.helpscout.net https://js.stripe.com https://www.googletagmanager.com https://static.zdassets.com; worker-src blob:; connect-src 'self' https://squadcast-cloud-recordings.s3.us-east-2.amazonaws.com https://squadcast-beta-cloud-recordings.s3.us-east-2.amazonaws.com wss://*.wss.daily.co https://*.daily.co https://*.pluot.blue wss://*.voxeet.com wss://*.dolby.io https://api.giphy.com https://*.typesense.net https://*.squadcast.fm https://*.cloudfront.net https://www.facebook.com https://analytics.tiktok.com https://*.googleapis.com https://*.google-analytics.com https://*.profitwell.com https://*.dolby.io https://api.rollbar.com https://beaconapi.helpscout.net https://hooks.zapier.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://squadcast-fm.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://squadcast-fm.zendesk.com wss://*.zopim.com https://us-central1-squadcast-7fa10.cloudfunctions.net/* https://us-central1-squadcast-dev.cloudfunctions.net/* https://squadcast-dev.uc.r.appspot.com https://*.uc.r.appspot.com https://amplion-beta-dot-magnetosphere-298400.uc.r.appspot.com https://bendix-beta-dot-magnetosphere-298400.uc.r.appspot.com https://califone-beta-dot-magnetosphere-298400.uc.r.appspot.com https://distatone-beta-dot-magnetosphere-298400.uc.r.appspot.com https://farnsworth-beta-dot-magnetosphere-298400.uc.r.appspot.com https://lafayette-beta-dot-magnetosphere-298400.uc.r.appspot.com https://*.descript.com https://descript.zendesk.com/* https://descript.zendesk.com/api/v2/* https://static.zdassets.com/* https://descript.zendesk.com/embeddable/config/* https://descript.zendesk.com/embeddable/config https://*.zendesk.com https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 wss: https://squadcast-cloud-recordings.s3.us-east-2.amazonaws.com/ https://us-central1-squadcast-7fa10.cloudfunctions.net https://us-central1-squadcast-dev.cloudfunctions.net

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

keep-alive

Vary

Performance

x-fh-requested-host, accept-encoding

Caching Headers

3 headers

Cache-Control

Caching

public, max-age=3600

Etag

Caching

"1364c378006f58c372111fefcfdf0d33483b4640828a4179be2e427f8f448a64"

Last-Modified

Caching

Thu, 20 Nov 2025 23:51:33 GMT

Content Headers

2 headers

Content-Length

Content

6517

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Alt-Svc

Other

h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Date

Other

Fri, 21 Nov 2025 20:23:38 GMT

Reporting-Endpoints

Other

logcsp=/functions/log-csp

X-Cache

Other

HIT

X-Cache-Hits

Other

0

X-Served-By

Other

cache-pdk-kfty8610097-PDK

X-Timer

Other

S1763756618.138259,VS0,VE1

Recommendations

Enable compression (gzip/brotli) to improve performance