HTTP Headers Analysis for https://www.joom.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; child-src; media-src; +11 more

default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src 'self' data: https://*.joomcdn.net https://*.jmtcdn.ru https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru https://accounts.google.com/gsi/style;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://bat.bing.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.jmtcdn.ru https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://api-maps.yandex.ru https://yastatic.net https://*.maps.yandex.net https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://analytics.tiktok.com https://s.kelkoogroup.net https://*.mts.ru https://www.google.com https://google.com https://pay.google.com https://*.criteo.com https://sentry.joom.it https://accounts.google.com/gsi/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://api.jmtpayments.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC42MTY2MjY=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://*.joomcdn.net https://*.jmtcdn.ru https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru https://accounts.google.com/gsi/style;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Cache-Control

Caching

no-store, must-revalidate, max-age=0

Etag

Caching

W/"1d10-Db8fMvnCCSU22DeRgv5pwdSlRT8"

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Expose-Headers

Cors

Request-Id

Cookies Headers

1 headers

Set-Cookie

Cookies

ver=4.8.5-1768398181; Max-Age=315360000; Path=/; Secure

Other Headers

9 headers

Date

Other

Wed, 14 Jan 2026 18:06:32 GMT

Nel

Other

{"report_to":"nel","max_age":604800,"include_subdomains":true,"success_fraction":0.01,"failure_fraction":1.0}

Report-To

Other

{"group":"nel","max_age":10886400,"endpoints":[{"url":"https://nel.joom.it/reports"}],"include_subdomains":true}

Request-Id

Other

u16sio5yc9

Via

Other

1.1 878742d0ad1850cbfc7910a5c4919ed0.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

73joEJ-j99vdSRNqRzrTXw-xjqs8OHRQmHrXwgKLpbwF8SD-dDlyrg==

X-Amz-Cf-Pop

Other

IAD12-P2

X-Cache

Other

Miss from cloudfront

X-Ua-Compatible

Other

IE=Edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance