HTTP Headers Analysis for https://wellreceived.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; object-src; +12 more

upgrade-insecure-requests ; default-src 'self' ; object-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-downloads allow-popups-to-escape-sandbox allow-presentation allow-forms; frame-ancestors 'none'; form-action https://www.facebook.com/tr/ https://www.youtube.com/; base-uri 'self'; report-uri;img-src 'self' data: https://www.google-analytics.com/ https://www.googletagmanager.com/ https://storage.googleapis.com/wellreceived/ https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/distributedsource-new-app/ https://storage.chatsupport.co/ https://storage.googleapis.com/clientaccess/registration/ https://www.facebook.com/tr/ https://www.google.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/r/ https://lh3.googleusercontent.com https://storage.googleapis.com/setmore-assets/2.0/Images/Logos/setmore-loader.gif https://my.setmore.com/bookingpage/images/setmoreFancyBoxCloseIcon.png https://storage.googleapis.com/setmore-assets/ https://googleads.g.doubleclick.net/pagead/ https://www.google.co.in/pagead/ https://www.google.com/pagead/ https://*.chatsupport.co https://r.tapnative.com/adx-dir-d/action https: ;script-src 'self' 'unsafe-eval' 'nonce-242107143b1e48a5be50facfbbdcac88' https://storage.googleapis.com/clientaccess/registration/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://unpkg.com/[email protected]/dist/aos.js https://assets.setmore.com/ https://assets.wellreceived.com/wellreceived/assets/js/main.js https://ajax.googleapis.com/ajax/libs/jquery/ https://rec.smartlook.com/recorder.js https://rec.smartlook.com/ https://bat.bing.com https://connect.facebook.net https://www.facebook.com/signals/ https://widget.trustpilot.com/bootstrap/ https://www.googleoptimize.com/ https://optimize.google.com https://script.tapfiliate.com/tapfiliate.js https://*.microsoft.com/clarity/ https://*.clarity.ms/ https://script.tapfiliate.com/ https://*.googleadservices.com https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://s3.amazonaws.com/top-local-agencies/js/upcity_widget.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://web-sdk.smartlook.com/ https://assets.wellreceived.com/common/js/ https://*.chatsupport.co blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://storage.googleapis.com/branding-resources/ https://*.tiktok.com/ https://www.google.com/ccm/ https://cdn.callrail.com/companies/ https://js.callrail.com/group/ https://*.callrail.com/ https://wrsales.setmore.com/ ;style-src 'self' 'unsafe-inline' https://unpkg.com/[email protected]/dist/ https://fonts.googleapis.com/ https://storage.googleapis.com/wellreceived/ https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/clientaccess/ https://my.setmore.com/css/setmorePopup.css https://assets.wellreceived.com/wellreceived/assets/styles/ https://optimize.google.com https://assets.setmore.com/ https://wrsales.setmore.com/ ;font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://storage.googleapis.com/wellreceived/ https://storage.googleapis.com/livesupport/chat/fonts/ data:;connect-src 'self' https://capig.stape.ai/ https://www.google.com/ https://o151188.ingest.us.sentry.io/ https://api.chatsupport.co/api/ https://*.google-analytics.com/ https://stats.g.doubleclick.net/ wss://rtmserver.anywhereworks.com/ https://in.hotjar.com/api/ https://signup.wellreceived.com/ https://signup.staging.wellreceived.com/ https://vc.hotjar.io/ https://dc.ads.linkedin.com/collect/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://bat.bing.com https://graph.facebook.com/ https://hooks.zapier.com https://*.clarity.ms/ https://frstre.com/ https://adservice.google.com/ https://www.google.com/pagead/ https://www.youtube.com/ https://cdn.linkedin.oribi.io/partner/3763092/domain/wellreceived.com/token https://storage.staging.wellreceived.com/app https://storage.wellreceived.com/app https://storage.googleapis.com/stag-fullstorage https://analytics.google.com/ https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.chatsupport.co https://cdn.linkedin.oribi.io/partner/3763092/domain/localhost/token https://o151188.ingest.sentry.io https://px.ads.linkedin.com/ https://*.tiktok.com/ https://www.google.com/ccm/ https://cdn.callrail.com/companies/ https://js.callrail.com/group/ https://*.callrail.com/ https://www.googletagmanager.com/ https://wrsales.setmore.com/ ;media-src 'self' https://ssl.gstatic.com/ https://storage.googleapis.com/wellreceived/ https://storage.googleapis.com/livesupport/ https://assets.wellreceived.com/wellreceived/website/media/ https://assets.wellreceived.com/anywhereworks/videos/ https://assets.chatsupport.co/chat/sounds/ https://*.chatsupport.co ;frame-src 'self' https://td.doubleclick.net/ https://vars.hotjar.com/ https://www.googletagmanager.com/ https://my.setmore.com/ https://booking.setmore.com/ https://widget.trustpilot.com/ https://www.facebook.com/ https://optimize.google.com https://www.youtube.com/ https://upcity.com/ https://wrsales.setmore.com/ https://*.setmore.com ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Last-Modified

Caching

Tue, 20 Jan 2026 03:29:44 GMT

Content Headers

1 headers

Content-Type

Content

text/html;charset=utf-8

Server Headers

1 headers

Server

Google Frontend

CORS Headers

3 headers

Access-Control-Allow-Headers

Cors

Origin, Content-Type, Accept

Access-Control-Allow-Methods

Cors

GET

Access-Control-Allow-Origin

Cors

https://www.wellreceived.com

Cookies Headers

1 headers

Set-Cookie

Cookies

JSESSIONID=node01ha1imt6udg7l126aizf6byray16496.node0; Path=/

Other Headers

6 headers

Alt-Svc

Other

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Date

Other

Tue, 20 Jan 2026 03:29:44 GMT

Reflected-Xss

Other

0

Resp-Time

Other

1768879784789

Via

Other

1.1 google

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching