HTTP Headers Analysis for https://platform.qa.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

frame-ancestors; object-src; worker-src; +2 more

frame-ancestors 'self' *.cloudacademy.com *.app.qa.com *.platform.qa.com https://cloudacademycom.zendesk.com teams.microsoft.com *.teams.microsoft.com *.skype.com https://www.recaptcha.net; object-src 'none'; worker-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; script-src 'unsafe-eval' 'unsafe-inline' cloudacademy.com app.qa.com platform.qa.com *.cloudacademy.com *.app.qa.com *.platform.qa.com https://www.googletagmanager.com https://js.usemessages.com https://js.hs-banner.com https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://www.google-analytics.com https://js-na1.hs-scripts.com https://www.googleadservices.com j.6sc.co analytics.churnzero.net *.pendo.io cdn.mxpnl.com bat.bing.com js.hs-analytics.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://apis.google.com https://www.gstatic.com https://www.gstatic.cn gstatic.cn *.gstatic.cn https://www.recaptcha.net appleid.cdn-apple.com https://static.filestackapi.com cdn.usersnap.com api.usersnap.com https://api.ipify.org https://static.zdassets.com https://js.recurly.com https://js.stripe.com https://www.youtube.com https://cloudacademy.disqus.com https://cdnjs.cloudflare.com https://app.hubspot.com cdn.polyfill.io static.zdassets.com https://cloudacademycom.zendesk.com p20.zdassets.com cdn.jsdelivr.net tags.srv.stackadapt.com load.sumo.com ssl.geoplugin.net js.hsforms.net js.hs-scripts.com forms.hsforms.com ajax.googleapis.com *.iubenda.com *.usersnap.com *.appcues.com optimize.google.com *.statuspage.io https://code.jquery.com *.googleapis.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/qi8Gs8qtNKqRobeK/delighted.js https://www.google.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.clarity.ms https://www.googleoptimize.com *.sleeknote.com https://js.storylane.io *.quantserve.com https://*.daily.co https://unpkg.com/@daily-co/daily-js *.clickcease.com https://*.hockeystack.com https://rules.quantcount.com https://*.qualtrics.com blob:

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

strict-origin, strict-origin-when-cross-origin

Permissions-Policy

Present

camera=*, microphone=*

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

1 headers

Etag

Caching

"p5pxoyuoy4r3b"

Content Headers

2 headers

Content-Length

Content

35111

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

7 headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Sat, 24 Jan 2026 20:34:09 GMT

Feature-Policy

Other

accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'

Via

Other

1.1 4244245835579031ffc201ddc6d644a2.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

ZJEoKteq1DcLC_8YhPNfFDk3VVBQbBM2WX9x55cy6-wfA-2todeuQw==

X-Amz-Cf-Pop

Other

IAD55-P1

X-Cache

Other

Miss from cloudfront

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching