HTTP Headers Analysis for https://support.boxcast.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Good

default-src; base-uri; connect-src; +8 more

default-src 'self'; base-uri 'self'; connect-src *.hubspot.com *.hubapi.com *.hs-analytics.net *.hs-banner.com *.hsforms.com *.hsadspixel.net *.hs-scripts.com *.hspstatics.net *.hsappstatic.net *.usemessages.com *.googletagmanager.com *.google.com *.doubleclick.net *.facebook.net 'self' wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://*.fin.ai https://*.intercom-messenger.com wss://*.intercom-messenger.com https://*.intercom-chat.com wss://*.intercom-chat.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://*.onetrust.com; font-src *.hubspot.com data: https:; frame-ancestors 'self' https://intercomrades.support https://intercom.skilljar.com https://academy.fin.ai https://academy.intercom.com https://academy.guests.intercom.com https://app.intercom.com https://app.eu.intercom.com https://app.au.intercom.com https://intercomrades.intercom.com https://intercomrades.eu.intercom.com https://intercomrades.au.intercom.com https://fin.ai https://app.fin.ai https://app.eu.fin.ai https://app.au.fin.ai; frame-src *.hubspot.com *.hsforms.com *.googletagmanager.com *.google.com 'self' https://platform.twitter.com https://staticxx.facebook.com https://fast.wistia.net https://fast.wistia.com https://www.useloom.com https://www.loom.com https://play.vidyard.com https://player.vimeo.com https://web.microsoftstream.com https://share.synthesia.io https://embed.app.guidde.com https://share.descript.com https://app.guideflow.com https://app.supademo.com https://supercut.ai https://demo.arcade.software https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://content.jwplatform.com https://cdn.jwplayer.com https://players.brightcove.net https://intercom-sheets.com https://www.intercom-reporting.com https://*.sharepoint.com; img-src *.hubspot.com *.hs-analytics.net *.hsadspixel.net *.hspstatics.net *.hsappstatic.net *.doubleclick.net *.facebook.net *.google.com data: blob: https: http:; media-src data: blob: https:; object-src 'self' https://static.intercomassets.com; script-src *.hubspot.com *.hubapi.com *.hs-analytics.net *.hs-banner.com *.hsforms.com *.hsadspixel.net *.hs-scripts.com *.hspstatics.net *.hsappstatic.net *.usemessages.com *.googletagmanager.com *.google.com *.doubleclick.net *.facebook.net 'self' https://platform.twitter.com https://static.intercomassets.com https://googleadservices.com https://googletagmanager.com https://google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://*.google-analytics.com https://*.analytics.google.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://cdn.cookielaw.org 'nonce-OWrpzss2DFPEAlKKeOrzLkkdl/k13T6W3DSSqcpdnI0='; style-src *.hubspot.com *.hs-banner.com 'self' 'unsafe-inline' https://fonts.intercomcdn.com https://static.intercomassets.com https://static.intercomcdn.com https://marketing.intercomassets.com https://marketing.intercomcdn.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://static.intercomassets.eu https://static.au.intercomassets.com

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Sec-Fetch-Site,Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"a23cc994978c053f96bc86d2deca4b81"

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

nginx

X-Runtime

Server

1.496922

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

10 headers

Date

Other

Tue, 27 Jan 2026 21:28:30 GMT

Status

Other

200 OK

Via

Other

1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)

X-Ami-Version

Other

ami-03ba6fa3bbe657769

X-Amz-Cf-Id

Other

hCcv10BgzfI2kMclhwTkUD85Et_EkpeTi0qQHLAk1ERdTX5kbED6jw==

X-Amz-Cf-Pop

Other

IAD12-P3

X-Cache

Other

Miss from cloudfront

X-Intercom-Version

Other

0ec2ea3f9d55ff821fad6a40a1ec705e5bc378c1

X-Request-Id

Other

000uh95lb44sgvhmqidg

X-Request-Queueing

Other

0

Recommendations

Enable compression (gzip/brotli) to improve performance