HTTP Headers Analysis for https://www.hostpoint.ch

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; connect-src; font-src; +11 more

default-src 'none'; connect-src 'self' https://admin.hostpoint.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.googleadservices.com https://google.com https://ad.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://hostpointag.recruitee.com https://analytics.twitter.com https://t.co; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com; form-action 'self' https://admin.hostpoint.ch https://www.facebook.com; frame-ancestors 'self' https://www.jobs.ch; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://maps.google.com https://www.google.com https://www.facebook.com; img-src 'self' data: https://banner.hostpoint.ch https://hostpoint-static.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://google.com https://www.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.ads.linkedin.com https://bat.bing.com https://analytics.twitter.com https://t.co; media-src 'self' https://hostpoint-static.ch; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://connect.facebook.net https://*.hotjar.com https://px.ads.linkedin.com https://snap.licdn.com https://www.linkedin.com https://sjs.bizographics.com https://bat.bing.com https://*.clarity.ms https://analytics.twitter.com https://static.ads-twitter.com https://twitter.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.hotjar.com; block-all-mixed-content; report-uri https://hostpoint.uriports.com/reports/report; report-to default;

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

Upgrade

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Cache-Control

Caching

max-age=14400

Etag

Caching

"513d5-6438e7a997b58"

Expires

Caching

Tue, 18 Nov 2025 11:47:58 GMT

Last-Modified

Caching

Fri, 14 Nov 2025 14:04:41 GMT

Content Headers

2 headers

Content-Length

Content

332757

Content-Type

Content

text/html

Server Headers

1 headers

Server

Apache

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

4 headers

Date

Other

Tue, 18 Nov 2025 07:47:58 GMT

Nel

Other

{"report_to":"default","max_age":2592000,"include_subdomains":false,"failure_fraction":0.1}

Report-To

Other

{"group":"default","max_age":2592000,"endpoints":[{"url":"https://hostpoint.uriports.com/reports"}],"include_subdomains":false}

Upgrade

Other

h2,h2c

Recommendations

Enable compression (gzip/brotli) to improve performance