HTTP Headers Analysis for https://techem.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Basic

default-src; script-src; style-src; +7 more

default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.cookiebot.eu *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://*.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://techem-empfehlen.de https://www.techem-empfehlen.de https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de https://*.etracker.com https://*.etracker.de https://static.xingcdn.com https://*.intuitioncreative-52.com https://fastly.jsdelivr.net https://cdn.jsdelivr.net https://podio.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.bunny.net https://cdn.jsdelivr.net data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src 'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.cookiebot.eu *.techem.com *.youtube.com *.youtube-nocookie.com *.yextpages.net *.marketo.com *.google.com *.googletagmanager.com *.googleadservices.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://techem-experts.rogsurvey.de https://techem-atlas.vercel.app https://podio.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.googleadservices.com *.marketo.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.cookiebot.eu https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://*.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt https://*.etracker.de https://techem-empfehlen.de https://www.techem-empfehlen.de; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com *.techem.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com https://*.etracker.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

5 headers

Age

Caching

0

Cache-Control

Caching

max-age=300

Etag

Caching

"150b8-64812d04cf5b5"

Expires

Caching

Sun, 11 Jan 2026 13:14:22 GMT

Last-Modified

Caching

Sun, 11 Jan 2026 01:38:21 GMT

Content Headers

2 headers

Content-Length

Content

86200

Content-Type

Content

text/html;charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

affinity="c6a60dff9d91542f"; Path=/; HttpOnly; secure

Other Headers

5 headers

Date

Other

Sun, 11 Jan 2026 13:09:22 GMT

X-Cache

Other

MISS

X-Served-By

Other

cache-ewr-kewr1740042-EWR

X-Timer

Other

S1768136962.964216,VS0,VS0,VE496

X-Vhost

Other

publish

Recommendations

Enable compression (gzip/brotli) to improve performance