HTTP Headers Analysis for https://etap.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; script-src; style-src; +8 more

default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream:; script-src 'self' blob: mediastream: https://platform-api.sharethis.com/js/sharethis.js https://script.crazyegg.com/pages/scripts/0076/0191.js https://secure.path5wall.com/js/196367.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://www.googletagmanager.com/gtag/js https://code.jquery.com/jquery-3.7.1.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/2.1.2/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.6/ScrollMagic.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.6/plugins/animation.gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://buttons-config.sharethis.com/js/645d0c51ae583700197b9a7f.js https://script.crazyegg.com/pages/versioned/common-scripts/bd50d2cb21d6f62c8d2746fa4e34ac1e.js https://t.sharethis.com/1/k/t.dhj https://platform-api.sharethis.com/panorama.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/plugins/debug.addIndicators.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.8/jquery.validate.min.js https://cdn.datatables.net/1.10.25/js/jquery.dataTables.min.js https://cdn.datatables.net/searchpanes/1.3.0/js/dataTables.searchPanes.min.js https://cdnjs.cloudflare.com/ajax/libs/list.js/1.5.0/list.min.js https://www.googletagmanager.com/gtm.js https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js https://www.google-analytics.com/analytics.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/5707381.js https://www.clickcease.com/monitor/stat.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.8.1/jquery.validate.js https://ajax.aspnetcdn.com/ajax/mvc/4.0/jquery.validate.unobtrusive.min.js https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-3-typeahead/4.0.2/bootstrap3-typeahead.js https://cdn.jsdelivr.net/npm/[email protected]/dist/lazyload.min.js https://www.google.com/cse/cse.js https://cse.google.com/cse/cse.js *.crazyegg.com *.clickcease.com https://cdn.jsdelivr.net/npm/[email protected]/dist/jquery.validate.min.js https://sandbox.bluesnap.com/web-sdk/5/bluesnap.js https://sandpay.bluesnap.com/web-sdk/5.4.0/hpf.js https://sandpay.bluesnap.com/web-sdk/5.4.0/hpfCvvInput.js https://sandpay.bluesnap.com/web-sdk/5.4.0/hpfExpInput.js https://sandpay.bluesnap.com/web-sdk/5.4.2/hpfExpInput.js https://sandpay.bluesnap.com/web-sdk/5.4.2/hpf.js https://sandpay.bluesnap.com/web-sdk/5.4.2/hpfCvvInput.js https://www.google.com/cse/ https://www.google.com/cse/* https: https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org 'nonce-7bbfb608-8071-4433-9ca2-423032fb1611'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https: http: mediastream: www.googletagmanager.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com *.eloqua.com web-chat.nativechat.com; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: http: blob: mediastream:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: http: blob: mediastream: www.googletagmanager.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com *.google-analytics.com; media-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https: http: mediastream:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: web-chat.nativechat.com; form-action 'unsafe-inline' 'unsafe-eval' https: http: 'self' data: blob: mediastream:; object-src 'unsafe-inline' 'unsafe-eval' 'self' blob: mediastream:

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache

Expires

Caching

-1

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

136779

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

Microsoft-IIS/10.0

X-Aspnet-Version

Server

4.0.30319

CORS Headers

1 headers

Access-Control-Expose-Headers

Cors

Request-Context

Cookies Headers

0 headers

No cookies headers found

Other Headers

2 headers

Date

Other

Thu, 15 Jan 2026 23:11:56 GMT

Request-Context

Other

appId=cid-v1:ce2357cc-46f7-4e39-a74b-2b648011538f

Recommendations

Enable compression (gzip/brotli) to improve performance