HTTP Headers Analysis for https://support.jumpcloud.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; font-src; img-src; +3 more

default-src 'self' blob: https://app.qualified.com wss://ws7.qualified.com https://706-rst-100.mktoresp.com https://*.6sense.com/v3/company/details https://console.jumpcloud.com https://jump-cloud.navattic.com https://capture.navattic.com https://*.reddit.com https://www.redditstatic.com https://*.chilipiper.com wss://*.intercom.io https://*.intercom.io https://*.google.com https://bam.nr-data.net https://ct.capterra.com https://cdn.linkedin.oribi.io/partner/373868/domain/jumpcloud.com/token https://px.ads.linkedin.com https://ibc-flow.techtarget.com https://jumpcloud940.outgrow.us/ https://*.takingbackjuly.com https://optanon.blob.core.windows.net https://segmentcdn.jumpcloud.com https://c.6sc.co/ https://ipv6.6sc.co/ https://scout.salesloft.com https://www.youtube.com https://secure.adnxs.com https://xd.adobe.com https://embedwistia-a.akamaihd.net https://bat.bing.com https://api.segment.io https://*.litix.io https://calendly.com https://*.wistia.com https://*.wistia.net https://bam-cell.nr-data.net https://insight.adsrvr.org https://privacyportal.onetrust.com https://pixels.spotify.com/v1/ingest https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://js.driftt.com https://info.jumpcloud.com https://analytics.google.com/ https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com *.split.io; font-src 'self' data: fonts.gstatic.com use.typekit.net; img-src 'self' data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: data: https://js.qualified.com https://munchkin.marketo.net https://use.typekit.net https://widget.intercom.io/widget/wgmb0rm8 https://secure.intelligent-business-7.com/ https://js.adsrvr.org/ https://js.intercomcdn.com https://*.chilipiper.com https://www.youtube.com https://bam.nr-data.net https://static.cloudflareinsights.com https://*.takingbackjuly.com https://cdn-assets-prod.s3.amazonaws.com https://segmentcdn.jumpcloud.com https://info.jumpcloud.com https://cdn.jsdelivr.net https://*.clarity.ms https://cloud.jumpcloud.com https://*.calendly.com https://cdn.pdst.fm https://cdn.pdst.fm https://bam-cell.nr-data.net https://pi.pardot.com https://js-agent.newrelic.com https://analytics.twitter.com https://platform.twitter.com https://grow.clearbitjs.com https://a.smtrk.net https://trk.techtarget.com https://static.ads-twitter.com https://*.wistia.net https://*.wistia.com https://js.driftt.com https://a.quora.com https://scout-cdn.salesloft.com https://www.redditstatic.com https://connect.facebook.net https://bat.bing.com https://j.6sc.co https://snap.licdn.com https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com https://geolocation.onetrust.com https://www.gstatic.com https://www.googleadservices.com https://dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js; style-src 'unsafe-inline' 'self' https://www.googletagmanager.com fonts.googleapis.com https://info.jumpcloud.com use.typekit.net p.typekit.net https://*.calendly.com; media-src 'self' data: blob: *;

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

camera=(), geolocation=(), microphone=(), payment=(), screen-wake-lock=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Age

Caching

45981

Cache-Control

Caching

public, max-age=3600

Expires

Caching

Tue, 20 Jan 2026 07:00:57 GMT

Last-Modified

Caching

Mon, 19 Jan 2026 17:14:36 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

6 headers

Cf-Apo-Via

Other

tcache

Cf-Cache-Status

Other

HIT

Cf-Edge-Cache

Other

cache,platform=wordpress

Cf-Ray

Other

9c0c5abc5c15e600-IAD

Date

Other

Tue, 20 Jan 2026 06:00:57 GMT

Link

Other

<https://jumpcloud.com/wp-json/>; rel="https://api.w.org/"

Recommendations

Enable compression (gzip/brotli) to improve performance