13 headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu *.iubenda.com *.redditstatic.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com *.google.sk google.sk *.googleadservices.com analytics.tiktok.com stats.g.doubleclick.net connect.facebook.net snap.licdn.com cdn.plyr.io bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com *.google.com google.com *.exponea.com; style-src 'self' 'report-sample' 'unsafe-inline' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se *.googletagmanager.com cdn.iubenda.com cdn.plyr.io; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 websupport.cz *.websupport.cz websupport.hu *.websupport.hu websupport.sk *.websupport.sk websupport.se *.websupport.se *.iubenda.com *.redditstatic.com *.reddit.com googleapis.com *.googleapis.com *.google.com google.com *.google.sk google.sk pagead2.googlesyndication.com *.googleadservices.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.acsbapp.com *.motu-teamblue.services *.teamblue.services h.seznam.cz noembed.com cdn.plyr.io autoform.ekosystem.slovensko.digital; font-src 'self' 'report-sample' 'unsafe-inline' data: websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu gstatic.com *.gstatic.com; frame-ancestors 'self' *.websupport.sk; 
frame-src 'self' 'report-sample' *.websupport.sk websupport.sk *.websupport.cz websupport.cz *.websupport.hu websupport.hu *.websupport.se websupport.se blob: ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com www.youtube-nocookie.com *.youtube.com docs.google.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com autoform.ekosystem.slovensko.digital; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com *.reddit.com tracker.metricool.com gravatar.com *.gravatar.com gstatic.com *.gstatic.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.facebook.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.google-analytics.com *.googleadservices.com *.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.ytimg.com *.motu-teamblue.services *.teamblue.services brxcdn.com websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se; manifest-src 'self'; media-src 'self'; worker-src 'self';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Content-Type-Options: nosniff
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
max-age=0
Expires
Caching
Sat, 22 Nov 2025 10:35:10 GMT
Last-Modified
Caching
Sat, 22 Nov 2025 01:25:37 GMT
Content Headers
1 headers
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
1 headers
Date
Other
Sat, 22 Nov 2025 10:35:10 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1317ms