HTTP Headers Analysis for https://www.foxit.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; script-src; +7 more

default-src https: wss: blob: 'self' 'unsafe-inline' *.demandbase.com *.foxitesign.foxit.com salesforce.foxitesign.foxit.com *.evergage.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: www.google.com *.google.com www.google-analytics.com *.google-analytics.com optimize.google.com www.googletagmanager.com *.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net *.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com js.chilipiper.com *.gravatar.com secure.gravatar.com *.hotjar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com cdn-cookieyes.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com useruploads.vwo.io www.paypalobjects.com fonts.gstatic.com www.google.com.sg www.googleadservices.com pixel-config.reddit.com conversions-config.reddit.com *.6sc.co *.foxit.com *.g.doubleclick.net google.com *.foxitsoftware.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com *.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.foxitesign.foxit.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com *.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com js.na.chilipiper.com public.profitwell.com st.foxitsoftware.cn *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.foxit.com *.amazon-adsystem.com www.foxit.com ipinfo.io eu1-qa.foxitesign.foxit.com pagead2.googlesyndication.com *.6sc.co 6sc.co *.terminusapp.com player.vwo.me *.cookieyes.com *.foxitsoftware.com cloudflareinsights.com *.microsoft.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com *.googletagmanager.com optimize.google.com *.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.hotjar.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com www.foxit.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com *.hotjar.com *.evergage.com at.alicdn.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; connect-src *.visualwebsiteoptimizer.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.hotjar.com *.hotjar.io *.zoominfo.com wss://ws.hotjar.com *.company-target.com www.google.com.sg *.foxitcloud.com bat.bing.com player.vwo.me *.reddit.com www.redditstatic.com *.linkedin.com *.6sc.co *.evergage.com *.foxitsoftware.com *.paypal.com *.google.com *.connectedpdf.com *.stripe.com www.g2.com *.foxit.com www.facebook.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com google.com *.googleapis.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.foxitsoftware.com td.doubleclick.net js.driftt.com s.company-target.com js.stripe.com www.sandbox.paypal.com www.recaptcha.net *.youtube.com www.foxit.com www.paypal.com na1.foxitesign.foxit.com www.google.com www.googletagmanager.com eu1-qa.foxitesign.foxit.com *.amazon-adsystem.com player.vwo.me *.stripe.com www.facebook.com *.paypal.com *.foxitcloud.com *.foxit.com *.g2.com; frame-ancestors *.foxit.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

2 headers

Access-Control-Allow-Headers

Cors

DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

Access-Control-Allow-Methods

Cors

GET, POST, OPTIONS

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=PT8sPeebqqPi26EQTfl.SwIDfGCtlz5By03oIrKrB_Y-1769783970-1.0.1.1-f1tdZPlh7Y3EFnIC_HNIvR57J6IVjj4_u8Q4k8A1KF.jTj05aa5HcBskyyOYzypsMhAOePBPrRxYTW7qnM36Da7NYh9TUOXlznNEm6xqsI0; path=/; expires=Fri, 30-Jan-26 15:09:30 GMT; domain=.foxit.com; HttpOnly; Secure; SameSite=None

Other Headers

6 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c61b8148abedda6-IAD

Date

Other

Fri, 30 Jan 2026 14:39:30 GMT

Link

Other

</_next/static/media/3a7db6186c919e7f-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/3e3373eeaa83e3d0-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/5a01ed7315b07ae7-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/5c87321f7e98f1a4-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </_next/static/media/8ed94a4ecb10c26a-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf"

X-Middleware-Rewrite

Other

/en

X-Next-I18n-Router-Locale

Other

en

Recommendations

Enable compression (gzip/brotli) to improve performance