HTTP Headers Analysis for https://locuslogistics.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300; includeSubdomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

80522

Etag

Caching

"b97564a5c4974c11f383b132b4584bbc"

Last-Modified

Caching

Wed, 21 Jan 2026 08:52:00 GMT

Content Headers

2 headers

Content-Length

Content

233883

Content-Type

Content

text/html

Server Headers

1 headers

Server

AmazonS3

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

10 headers

Content-Security-Policy-Report-Only

Other

default-src 'none'; script-src 'self' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com tr.capterra.com snap.licdn.com static.ads-twitter.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com scripts.clarity.ms https://assets-us11.flostack.io/js/flo.min.js app.factors.ai *.hubspot.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hs-scripts.com *.hsforms.com *.hsforms.net; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in *.hubspot.com *.hsforms.com *.hsforms.net; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com px.ads.linkedin.com analytics.google.com *.clarity.ms *.contentsquare.net tr.capterra.com api.factors.ai api.mapbox.com *.tiles.mapbox.com *.bablic.com *.hubspot.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hubapi.com *.flostack.io; media-src 'self'; frame-src salesiq.zohopublic.com www.youtube.com www.googletagmanager.com *.hubspot.com *.hsforms.com *.hsforms.net; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly;

Date

Other

Wed, 21 Jan 2026 09:01:23 GMT

Via

Other

1.1 3c324ded5bb9b770378ef373690c8a34.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

osPZZtjup3KUGEJjwdXPgzcLl3bes_mgSint51T5BuiWIxGikqbH4A==

X-Amz-Cf-Pop

Other

IAD61-P1

X-Amz-Replication-Status

Other

FAILED

X-Amz-Server-Side-Encryption

Other

AES256

X-Amz-Version-Id

Other

Hs5QMbIefr_q2iFOmQLQdZsHEkz.hHud

X-Bablic-Id

Other

5d792a1ad6ebec00019f6124

X-Cache

Other

Hit from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching