HTTP Headers Analysis for https://support.maxidentsoftware.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; style-src; img-src; +4 more

default-src 'self' wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org; style-src 'self' wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org 'unsafe-inline'; img-src 'self' data: wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org; font-src 'self' data: wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org; script-src 'self' 'nonce-rp8bhqzpvliS1Y6CtFDYKQ' wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org; connect-src 'self' wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org; frame-src 'self' wss: api.getscreen.me getscreen.me go.getscreen.me px-au1.getscreen.me px-br1.getscreen.me px-eu1.getscreen.me px-in1.getscreen.me px-in2.getscreen.me px-kr1.getscreen.me px-us1.getscreen.me px-us2.getscreen.me signal.getscreen.me st1.getscreen.me *.paddle.com m.getscreen.me s.getscreen.me telegram.org oauth.telegram.org www.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com www.google.com www.gstatic.com browser.sentry-cdn.com challenges.cloudflare.com oauth.telegram.org telegram.org;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Expose-Headers

Cors

X-Js-Cache

Cookies Headers

1 headers

Set-Cookie

Cookies

lang=en; Path=/; Domain=getscreen.me; Expires=Tue, 31 Dec 2030 19:53:28 GMT; Max-Age=157680000; HttpOnly

Other Headers

2 headers

Date

Other

Wed, 31 Dec 2025 19:53:28 GMT

X-Js-Cache

Other

38ca5df7e2aa82d4f8699e51bb86b5da

Recommendations

Enable compression (gzip/brotli) to improve performance