HTTP Headers Analysis for https://esetng.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; connect-src; font-src; +12 more

default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.botframework.com https://*.clarity.ms https://*.demandbase.com https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://ads.reddit.com https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.company-target.com https://bat.bing.com https://bat.bing.net https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://conversions-config.reddit.com https://cookies-data.onetrust.io https://ekr.zdassets.com https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://grsm.io https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://partnerlinks.io https://pixel-config.reddit.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://segments.company-target.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://tracking-api.g2.com https://www.facebook.com https://www.google-analytics.com https://www.google.by https://www.google.co.uz https://www.google.com https://www.google.es https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com wss://*.botframework.com wss://*.eset.com wss://*.hotjar.com; font-src 'self' data: https://*.eset.com https://*.gstatic.com https://*.web-assets.eset.com https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; form-action 'self' https://*.eset-la.com https://*.eset.com https://*.form.eset.com https://*.tienda.eset-la.com https://s1069307879.t.eloqua.com https://webto.salesforce.com https://www.facebook.com; frame-ancestors 'self' https://*.eset.com; frame-src 'self' https://*.eset.com https://*.fls.doubleclick.net https://*.sgtm.eset.com https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://s.company-target.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.capterra.com https://*.eset.com https://*.hotjar.com https://*.rlcdn.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://bat.bing.net https://c.bing.com https://c.clarity.ms https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://s1069307879.t.eloqua.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://web-assets.esetstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; manifest-src 'self' https://*.eset.com https://*.web-assets.eset.com; media-src 'self' https://*.eset.com https://*.web-assets.eset.com https://static.zdassets.com; object-src 'self' https://*.eset.com https://*.web-assets.eset.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.eset.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://*.web-assets.eset.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.botframework.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.partnerstack.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://scripts.clarity.ms https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://static.zdassets.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking-api.g2.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.cg https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uz https://www.google.co.ve https://www.google.co.zw https://www.google.com https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.redditstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.eset.com https://*.hotjar.com https://*.web-assets.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io; worker-src 'self' https://*.eset.com; report-uri https://www-eset-com.api.cspconsole.com; report-to csp-endpoint;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

max-age=3600

Etag

Caching

W/"6980c057-69b0f"

Last-Modified

Caching

Mon, 02 Feb 2026 15:18:47 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

0 headers

No server headers found

CORS Headers

5 headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

Content-Type, expires, x-xsrf-token, authorization, project-guid, cache-control, x-requested-with

Access-Control-Allow-Methods

Cors

GET, POST, OPTIONS

Access-Control-Allow-Origin

Cors

https://www.eset.com

Access-Control-Expose-Headers

Cors

X-EDPS-Request-Status

Cookies Headers

0 headers

No cookies headers found

Other Headers

5 headers

Date

Other

Thu, 05 Feb 2026 11:47:39 GMT

Feature-Policy

Other

accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'self' https://www.youtube.com; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'

Reporting-Endpoints

Other

csp-endpoint="https://www-eset-com.api.cspconsole.com"

X-Edps-Request-Status

Other

normal

X-Rendering-Engine

Other

html

Recommendations

Enable compression (gzip/brotli) to improve performance