HTTP Headers Analysis for https://rib-software.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src-elem; connect-src; +12 more

default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.bing.com https://*.clarity.ms https://*.wistia.com https://*.wistia.net; script-src-elem 'report-sample' 'unsafe-inline' blob: https://*.hotjar.com maps.googleapis.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/63/1b/places.js https://cdn.leandata.com/js-snippet/ld-book-v2.js https://cdn1.leandata.com/js-snippet/ld-book-popup.js https://maps.googleapis.com/maps-api-v3/api/js/63/1b/main.js https://*.clarity.ms https://*.bing.com https://elfsightcdn.com/platform.js https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://static.cloudflareinsights.com/* https://*.rib-software.com https://*.rib-software.com/* https://cdn.livechatinc.com/tracking.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co https://ipapi.co/json/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://uct.service.usercentrics/* https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ https://tr.capterra.com/static/wp.js https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect https://*.bing.com https://tr.capterra.com/static/vcvr.js https://api.ipapi.com; connect-src 'self' https://www.google.com/pagead/form-data/971683776 google.com maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://*.wistia.com https://*.wistia.net https://tr.capterra.com/static/sp.js.map https://aggregator.service.usercentrics.eu https://px.ads.linkedin.com https://region1.google-analytics.com https://region1.analytics.google.com https://core.service.elfsight.com https://elfsightcdn.com/platform.js https://ipapi.co/* https://api.ipify.org https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://uct.service.usercentrics.eu https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://cdnjs.cloudflare.com https://googletagmanager.com https://tagmanager.google.com https://www.google.com/ccm/collect https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://api.usercentrics.eu https://stats.g.doubleclick.net https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com https://tr.capterra.com/events/ https://app.leandata.com/routeFromFormInput https://app.leandata.com/* https://api.ipapi.com https://ipapi.co/latlong/ https://ipapi.co https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; style-src 'self' 'report-sample' 'unsafe-inline' https://fast.wistia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://*.hotjar.com https://*.wistia.com https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/* https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://cdn1.leandata.com/OpenSans-Light.ttf https://cdn1.leandata.com/OpenSans-Regular.ttf https://cdn1.leandata.com/OpenSans-SemiBold.ttf https://cdn1.leandata.com/OpenSans-Bold.ttf; frame-src 'self' data: https://rib-software.my.leandata.com/ https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/* https://fast.wistia.com https://fast.wistia.net https://www.meinauftrag.rib.de/ https://www.rib-software.com/* https://go.pardot.com/* https://go.pardot.com/ https://go.esam.ncee.rib-software.com/* https://go.esam.ncee.rib-software.com/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://wistia.com https://wistia.net https://www.youtube.com https://www.googletagmanager.com/ https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect; frame-ancestors 'self' https://go.rib-software.com/* https://*.rib-software.com/*; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com https://*.clarity.ms https://*.bing.com https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://region1.analytics.google.com/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/flag-icons/6.6.6/flags/4x3/in.svg https://brand-assets.capterra.com/badge/aaa52fe9-1c4f-40ab-b128-68d9d56b4881.svg https://brand-assets.capterra.com https://rib-software.com/app/uploads/2022/10/success.png https://cdn1.leandata.com/images/form-submit-confirmation.svg; manifest-src 'self'; media-src 'self' https://*.wistia.com https://*.wistia.net; worker-src 'self' ; child-src https://www.youtube.com/ https://app.usercentrics.eu/ https://wistia.com https://wistia.net; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), browsing-topics=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Age

Caching

6651

Cache-Control

Caching

max-age=0, s-maxage=259000

Expires

Caching

Fri, 02 Jan 2026 10:13:41 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

8 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Edge-Cache

Other

cache,platform=wordpress

Cf-Ray

Other

9b7a1ea6aa9faa23-IAD

Date

Other

Fri, 02 Jan 2026 12:04:35 GMT

Link

Other

<https://www.rib-software.com/wp-json/>; rel="https://api.w.org/", <https://www.rib-software.com/wp-json/wp/v2/pages/21>; rel="alternate"; title="JSON"; type="application/json", <https://www.rib-software.com/>; rel=shortlink

Server-Timing

Other

cfEdge;dur=7,cfOrigin;dur=347

Speculation-Rules

Other

"/cdn-cgi/speculation"

X-Cache

Other

HIT

Recommendations

Enable compression (gzip/brotli) to improve performance