HTTP Headers Analysis for https://toptex.fr

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://deviceid.notolytix.com https://*.userguiding.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://apis.google.com https://omg.toptex.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google.com https://ajax.cloudflare.com/ https://www.gstatic.com https://ipinfo.io https://cdn.jsdelivr.net https://*.lyra.com https://static.cloudflareinsights.com https://tag.toptex.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.lyra.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://px4.ads.linkedin.com https://*.privacy-center.org https://*.lyra.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://cdn.toptex.com https://tag.toptex.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://www.toptex.fr https://*.toptex.com https://pagead2.googlesyndication.com https://files.europeancatalog.fr https://files.toptex.fr https://blog.toptex.com; connect-src 'self' https://*.privacy-center.org https://*.toptex.com wss://ws.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.userguiding.com https://px.ads.linkedin.com https://www.google.com https://insights.algolia.io https://ipinfo.io https://api.privacy-center.org https://pagead2.googlesyndication.com https://*.algolia.net; frame-src 'self' https://public.traceforgood.com https://vimeo.com https://www.youtube.com https://tag.toptex.com https://www.googletagmanager.com https://www.google.com https://api.lyra.com https://player.vimeo.com https://ns.europeancatalog.com https://www.europeancatalog.com https://challenges.cloudflare.com; object-src 'self' www.toptex.com; base-uri 'self'; form-action 'self' https://secure.lyra.com; upgrade-insecure-requests; worker-src 'self' blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), camera=(), microphone=(), fullscreen=(self)

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

5 headers

Age

Caching

3611

Cache-Control

Caching

no-store, no-cache, must-revalidate

Expires

Caching

Thu, 19 Nov 1981 08:52:00 GMT

Last-Modified

Caching

Mon, 19 Jan 2026 03:58:51 GMT

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

https://media.toptex.com

Cookies Headers

0 headers

No cookies headers found

Other Headers

4 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

HIT

Cf-Ray

Other

9c06000a29e4379a-IAD

Date

Other

Mon, 19 Jan 2026 11:30:27 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance