HTTP Headers Analysis for https://www.wisembly.fr

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains; preload

Content-Security-Policy

Weak

connect-src; media-src

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

accelerometer=(), autoplay=(), camera=*, cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=*, midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives

Performance Headers

3 headers

Connection

Performance

Upgrade, close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding,User-Agent

Caching Headers

2 headers

Cache-Control

Caching

max-age=60

Expires

Caching

Mon, 29 Dec 2025 20:41:58 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Wisembly

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

4 headers

Date

Other

Mon, 29 Dec 2025 20:40:58 GMT

Link

Other

<https://www.wisembly.com/fr/wp-json/>; rel="https://api.w.org/", <https://www.wisembly.com/fr/wp-json/wp/v2/pages/5>; rel="alternate"; title="JSON"; type="application/json", <https://www.wisembly.com/fr/>; rel=shortlink

Upgrade

Other

h2

X-Content-Security-Policy

Other

default-src data: 'self' https://*.hsforms.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.hsadspixel.net https://wisembly-content.s3.amazonaws.com/ https://js-eu1.hsforms.net/ https://appvizer.one/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://*.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.usemessages.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://region1.analytics.google.com https://forms.hscollectedforms.net https://www.google.fr https://api.hubspot.com https://appvizer.one https://ariadne.appvizer.one https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://fg.cdn.mediactive-network.net https://cta-eu1.hubspot.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://api-eu1.hubspot.com/livechat-public/v1/message/public; font-src data: 'self' https://fonts.gstatic.com; img-src data: 'self' https://wisembly-content.s3.amazonaws.com/ https://avada.studio https://s.w.org https://ps.w.org https://*.linkedin.com https://bat.bing.com https://blog.wisembly.com https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://fg.cdn.mediactive-network.net; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://*.liveboutique.io https://avada.studio https://static.hsappstatic.net https://app.hubspot.com https://forms.hsforms.com https://vars.hotjar.com https://www.youtube.com https://cta-eu1.hubspot.com;

Recommendations

Enable compression (gzip/brotli) to improve performance