18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
connect-src; font-src; frame-src; +10 more
connect-src 'self' https://adservice.google.com global.ketchcdn.com *.calibermind.com *.ketchcdn.com *.ketchjs.com *.google.com *.g2crowd.com *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.marketlinc.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com *.driftt.com *.drift.com wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.sequel.io *.vidyard.com *.youtube.com *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com 
*.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io *.googletagmanager.com; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/ *.vidyard.com; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com *.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self';
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
1 header
Cache-Control
Caching
max-age=0, s-max-age=60, stale-while-revalidate=30
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
__cf_bm=CInMRk3wMmMJ71g3oxBCO19fug1rHsPWlDCEC7nuWCE-1768689582.6596963-1.0.1.1-F2w4Ay4WYDfpwk.Ou4e0q_XGpvnRgCirZLgNVd7qV2RO.IMJmJxjGoHPJbeWcyzCJhv6ib.Xg_9N4Pw90DkWlAkB_jNkuZHis5zp7VqYadDJssH97dxOpEuWHzXVqTLm; HttpOnly; Secure; Path=/; Domain=contentstackapps.com; Expires=Sat, 17 Jan 2026 23:09:42 GMT
Other Headers
9 headers
Cf-Cache-Status
Other
REVALIDATED
Cf-Ray
Other
9bf959a39a9d5831-IAD
Date
Other
Sat, 17 Jan 2026 22:39:42 GMT
X-Amzn-Requestid
Other
3531d249-e79d-4cd0-b561-9c80a1f84899
X-Amzn-Trace-Id
Other
Root=1-696966e5-2c6f7c3a4d0990f72734fe29;Parent=3f728b83f11064d0;Sampled=0;Lineage=1:03340a0a:0
X-Deployment-Uid
Other
6968eec9f48e3ddcfd98af4c
X-Environment-Uid
Other
654397a0f247a275a3a00a23
X-Org-Uid
Other
blt895da6502121df32
X-Project-Uid
Other
654397a0f247a275a3a00a1d
Recommendations
Enable compression (gzip/brotli) to improve performance