16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +9 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://docs.thoughtspot.com https://cdn.mxpnl.com https://api.segment.io https://pendo-io-static.storage.googleapis.com https://d3sbxpiag177w8.cloudfront.net https://cdn.skypack.dev cdn.jsdelivr.net https://edge.fullstory.com https://rs.fullstory.com https://assets.trybento.co https://app.cord.com https://embeddable-sandbox.cdn.apollographql.com; style-src 'self' 'unsafe-inline' blob: https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://button.glitch.me https://app.pendo.io https://pendo-static-5110210082111488.storage.googleapis.com https://d3sbxpiag177w8.cloudfront.net https://fonts.googleapis.com cdn.jsdelivr.net https://app.cord.com; img-src 'self' data: https://asset.brandfetch.io https://docs.thoughtspot.com https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://pendo-static-5110210082111488.storage.googleapis.com https://www.thoughtspot.com/ https://rs.fullstory.com https://api.mapbox.com https://apollo-server-landing-page.cdn.apollographql.com https://app.cord.com https://cdn.cord.com https://s3.eu-west-2.amazonaws.com cdn.jsdelivr.net blob: data: https://assets.trybento.co https://uploads.trybento.co data:; connect-src 'self' https://docs.thoughtspot.com https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://mp.proxy.thoughtspot.cloud https://cdn.mxpnl.com https://api.segment.io wss://nexus-websocket-a.intercom.io/ https://cdn.pendo.io https://api-js.mixpanel.com https://d3sbxpiag177w8.cloudfront.net https://api.mixpanel.com https://blink-releasemanager.thoughtspot.com https://edge.fullstory.com https://thoughtspot.cloud https://api.ipify.org https://embedwistia-a.akamaihd.net 
https://api.glitch.com https://unpkg.com https://rs.fullstory.com https://*.mapbox.com https://udon.trybento.co wss://udon.trybento.co https://uploads.trybento.co https://assets.trybento.co https://app.cord.com https://api.cord.com wss://api.cord.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com https://identity.dataplane-public.thoughtspot.cloud; frame-ancestors 'self' https://stackblitz.com https://*.stackblitz.com https://*.stackblitz.io https://docs.thoughtspot.com https://plugin-party-sheets.vercel.app https://plugin-party-slides.vercel.app https://plugin-party-vercel.vercel.app https://thoughtspot-integration.vercel.app https://*.thoughtspot.com https://*.googleusercontent.com https://*.google.com; child-src 'self' blob: https://docs.thoughtspot.com; frame-src 'self' blob: https://docs.thoughtspot.com https://thoughtspot.github.io https://checkout.thoughtspot.com https://www.thoughtspot.com https://d3sbxpiag177w8.cloudfront.net https://stackblitz.com https://ts-blink.github.io https://visual-embed-sdk-dev.vercel.app https://visual-embed-sdk.vercel.app https://rest-api-sdk-v2-0.vercel.app https://rest-api-sdk-v2-0-dev.vercel.app https://visual-embed-sdk-8-8.vercel.app https://visual-embed-sdk-9-0.vercel.app https://everboarding.trybento.co https://www.youtube.com https://www.loom.com https://play.vidyard.com https://sandbox.embed.apollographql.com https://checkout-git-dev-thoughtspot-site.vercel.app https://*.readme.io *.pdom.thoughtspot.com; font-src 'self' https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://fonts.gstatic.com https://d3sbxpiag177w8.cloudfront.net data: https://fonts.gstatic.com cdn.jsdelivr.net https://assets.trybento.co https://uploads.trybento.co; media-src 'self' https://embedwistia-a.akamaihd.net https://assets.trybento.co https://uploads.trybento.co blob: data:; worker-src 'self' blob:; report-uri https://report-uri.vercel.app/api/report;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
Strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Expires
Caching
Wed, 21 Jan 2026 15:47:19 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
45272
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
3 headers
Date
Other
Wed, 21 Jan 2026 15:47:20 GMT
Expect-C
Other
max-age=0
X-Ua-Compatible
Other
IE=edge
Recommendations
Enable compression (gzip/brotli) to improve performance