17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; includeSubdomains;
Content-Security-Policy
Basic
frame-ancestors 'self' *.zs.com https://zsprize.zs.com/;
frame-src https://app.altrulabs.com/ *.surveymonkey.com https://acdn.adnxs.com/ *.google.com *.ampproject.org *.vimeo.com *.adobe.com *.zs.com *.hotjar.com *.doubleclick.net *.facebook.com *.demdex.net *.youtube.com *.buzzsprout.com *.ceros.com *.company-target.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googletagmanager.com/;
img-src https://tag.simpli.fi/ *.adnxs.com https://acdn.adnxs.com/ https://i.vimeocdn.com/ *.zs.com 'self' https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.bing.com https://www.googleadservices.com *.clarity.ms *.smassets.net *.twitter.com *.cookielaw.org *.ampproject.org *.scene7.com *.company-target.com https://match.prod.bidr.io *.doubleclick.net *.google.com *.google.co.in *.linkedin.com *.google-analytics.com *.facebook.com https://t.co *.adsymptotic.com *.akamaihd.net https://zs.sc.omtrdc.net *.everesttech.net *.ytimg.com *.googletagmanager.com *.demdex.net *.rlcdn.com;
style-src 'self' 'unsafe-inline' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net *.ampproject.org *.buzzsprout.com *.zs.com;
font-src 'self' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net;
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acdn.adnxs.com/ https://player.vimeo.com/ https://code.jquery.com/jquery-3.5.0.min.js https://i.simpli.fi/ https://pixel.byspotify.com/ping.min.js https://tag.simpli.fi/ *.clarity.ms *.bing.com *.googleapis.com https://cdn.jsdelivr.net https://flow.cience.com *.surveymonkey.com *.go-mpulse.net *.gstatic.com *.google.com *.ampproject.org *.zs.com *.adobe.com *.adobedtm.com *.googletagmanager.com *.demandbase.com https://www.googleadservices.com *.youtube.com *.doubleclick.net *.licdn.com *.google-analytics.com *.ads-twitter.com https://s.ytimg.com *.facebook.net *.hotjar.com *.cookielaw.org *.marketo.net https://analytics.twitter.com *.onetrust.com *.akamaihd.net *.buzzsprout.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.ceros.com *.zs.com;
connect-src https://pixels.spotify.com/ *.adnxs.com https://www.google.co.in/ https://www.faceook.com/ https://acdn.adnxs.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://pagead2.googlesyndication.com https://assets.adobedtm.com *.linkedin.com *.clarity.ms 'self' *.akstat.io/ *.go-mpulse.net *.bing.com https://vimeo.com/ https://flow.cience.com https://flow.cience.com/api/v1/event* https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.facebook.com/privacy_sandbox/topics/registration* https://bat.bing.net/actionp/0?ti=343128404&Ver=2&mid=e17b58ce-5a61-4fbe-b4d4-11b0dee2e440&bo=2&evt=consent&src=default&cdb=AQET&asc=D https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt* *.demandbase.com *.linkedin.oribi.io *.google.com *.ampporject.org *.ampproject.org *.company-target.com *.tt.omtrdc.net *.cookielaw.org *.mktoresp.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.hotjar.io https://google.com/;
worker-src blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Etag
Caching
"86d82-645be9b768cd8-gzip"
Last-Modified
Caching
Fri, 12 Dec 2025 10:20:14 GMT
Content Headers
1 headers
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 headers
Server
Server
Apache
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ApplicationGatewayAffinity=82344efa8b2a852143a5d382aeebc846; Path=/
Other Headers
6 headers
Amp-Same-Origin
Other
true
Date
Other
Sun, 28 Dec 2025 20:27:23 GMT
Server-Timing
Other
ak_p; desc="1766953643479_389047309_1625750237_8748_4409_1_4_-";dur=1
X-Akamai-Transformed
Other
9 - 0 pmb=mRUM,1
X-Dispatcher
Other
dispatcher1eastus-28574477
X-Vhost
Other
publish
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Add Cache-Control header to optimize caching
Analysis completed in 510ms