HTTP Headers Analysis for https://static.importgenius.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Basic

default-src; img-src; media-src; +9 more

default-src 'self'; img-src 'self' data: *.importgenius.cn importgenius.cn *.importgenius.com importgenius.com *.website-files.com sb.scorecardresearch.com *.youtube.com i.vimeocdn.com ssl.google-analytics.com *.google-analytics.com *.swaychat.com *.cloudfront.net cdn.ampproject.org pbs.twimg.com ws.sharethis.com l.sharethis.com *.facebook.com *.ucarecdn.com ucarecdn.com maps.googleapis.com maps.gstatic.com *.doubleclick.net *.google.com.ph *.google.com.pk i.ytimg.com *.bing.com bing.com *.clarity.ms *.calendly.com googletagmanager.com www.googletagmanager.com *.albacross.com albacross.com *.zohopublic.com zohopublic.com *.zohocdn.com zohocdn.com *.zoho.com *.lfeeder.com lfeeder.com *.customer.io customer.io images.unsplash.com zohopagesense.nimbuspop.com *.ads.linkedin.com googleadservices.com *.googleadservices.com bat.bing.net *.bat.bing.net *.cloudflare.com alb.reddit.com clearout.io ct.capterra.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; media-src 'self' *.importgenius.com *.google.com *.google-analytics.com cdn.prod.website-files.com ; frame-src 'self' *.zohopublic.com zohopublic.com static.zohocdn.com *.importgenius.com *.google.com *.swaychat.com *.googleapis.com www.youtube.com player.vimeo.com *.sharethis.com *.facebook.com *.firebaseio.com *.doubleclick.net recaptcha.net www.googletagmanager.com *.calendly.com calendly.com *.recaptcha.net recaptcha.net *.recurly.com recurly.com cdn.embedly.com *.schedulehero.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: us-assets.i.posthog.com cdn.jsdelivr.net app.optibase.io *.website-files.com *.clarity.ms snap.licdn.com *.hotjar.com *.omappapi.com www.recaptcha.net edge.fullstory.com *.googletagmanager.com *.doubleclick.net polyfill-fastly.io *.gstatic.com cdn.ranksci.com *.importgenius.com *.importgenius.cn *.google.com ssl.google-analytics.com *.cloudfront.net *.googleapis.com firebaseio.com api.swayio.com *.firebaseio.com *.google-analytics.com www.gstatic.com *.swaychat.com *.googleadservices.com swaychat.firebaseio.com *.youtube.com s.ytimg.com cdn.ampproject.org *.sharethis.com connect.facebook.net recaptcha.net fullstory.com geocoder.api.here.com *.datadoghq-browser-agent.com *.bing.com *.zoho.com *.calendly.com *.albacross.com maillist-manage.com *.zohocdn.com zohocdn.com *.zohopublic.com zohopublic.com *.customer.io customer.io *.lfeeder.com lfeeder.com *.recurly.com recurly.com code.jquery.com cdn.pagesense.io js.usebasin.com unpkg.com cdnjs.cloudflare.com cdn.logr-ingest.com *.claydar.com assets.revenuehero.io ipinfo.io *.redditstatic.com clearout.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; worker-src 'self' blob:; connect-src 'self' c.ba.contentsquare.net app.optibase.io videsigns-staging.co.uk raw.githubusercontent.com geocoder.api.here.com *.google-analytics.com *.ads.linkedin.com *.swayio.com *.importgenius.com wss://*.firebaseio.com *.swaychat.com *.googleapis.com l.sharethis.com *.ucarecdn.com ucarecdn.com *.sentry.io *.fullstory.com fullstory.com *.googletagmanager.com *.datadoghq.com analytics.google.com www.google.com google.com *.posthog.com *.clarity.ms clarity.ms salesiq.zohopublic.com wss://vts.zohopublic.com *.zohopublic.com vc.hotjar.io *.albacross.com *.doubleclick.net doubleclick.net *.recurly.com recurly.com api.omappapi.com omappapi.com *.facebook.com facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io pagesense-collect.zoho.com get.geojs.io webflow.com api.ipify.org r.logr-ingest.com googleadservices.com *.googleadservices.com *.analytics.google.com cdn.jsdelivr.net *.claydar.com bat.bing.net app.revenuehero.io pixel-config.reddit.com clearout.io *.clearout.io *.bat.bing.net *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; font-src 'self' *.importgenius.com *.importgenius.cn data: cdn.prod.website-files.com *.webflow.com *.swaychat.com *.cloudfront.net fonts.gstatic.com *.googleapis.com css.zohocdn.com cdn2.importgenius.com webfonts.zoho.com static.zohocdn.com cdn.jsdelivr.net *.zohocdn.com ; style-src 'self' 'unsafe-inline' *.importgenius.com *.importgenius.cn *.website-files.com *.swaychat.com *.googleapis.com ws.sharethis.com *.google.com assets.calendly.com css.zohocdn.com *.zohocdn.com js.zohostatic.com *.zohostatic.com api.omappapi.com a.omappapi.com omappapi.com webfonts.zoho.com *.cloudflare.com cdn.jsdelivr.net ; manifest-src 'self' *.importgenius.com ; frame-ancestors 'self' *.importgenius.com ; object-src 'none';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding, Accept-Encoding

Caching Headers

2 headers

Age

Caching

0

Etag

Caching

"11c1d-DVbdpf+BGDfJf2Gyb3rxMxaG2J4"

Content Headers

2 headers

Content-Length

Content

72733

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Allow

Other

GET, HEAD

Date

Other

Sat, 24 Jan 2026 01:48:06 GMT

X-Download-Options

Other

noopen

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching