HTTP Headers Analysis for https://yakchat.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

base-uri; form-action; default-src; +8 more

base-uri 'self';form-action 'self' https://forms.zohopublic.com https://*.zohopublic.com https://forms.zohopublic.com/yakchat/form/* https://*.zohopublic.com/*/form/* https://forms.zohopublic.com/yakchat/form/*/formperma/*/htmlRecords/submit;default-src 'self' https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://salesiq.zoho.com https://salesiq.zohopublic.com https://*.algolia.net https://*.algolianet.com https://ipapi.co https://*.zohocdn.com https://*.zohostatic.com wss://*.zohopublic.com https://*.yakchat.com https://*.calendly.com;connect-src 'self' https://insights.algolia.io https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://salesiq.zoho.com https://salesiq.zohopublic.com https://*.algolia.net https://*.algolianet.com https://ipapi.co https://*.zohocdn.com https://*.zohostatic.com wss://*.zohopublic.com https://*.yakchat.com https://*.calendly.com https://*.taboola.com https://psb.taboola.com https://trc.taboola.com https://*.contentsquare.net https://*.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://*.linkedin.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://prod.spline.design https://unpkg.com https://cdn.jsdelivr.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://clarity.ms https://*.clarity.ms https://*.google-analytics.com https://salesiq.zoho.com https://*.algolia.net https://*.algolianet.com https://*.zohocdn.com https://*.zohostatic.com https://*.zohopublic.com wss://*.zohopublic.com https://assets.calendly.com https://static.hotjar.com https://*.hotjar.com https://cdn.taboola.com https://trc.taboola.com https://snap.licdn.com https://*.licdn.com https://*.contentsquare.net http://*.contentsquare.net;style-src 'self' https://*.clarity.ms https://fonts.googleapis.com 'unsafe-inline' data: https://*.zohocdn.com https://*.zohostatic.com https://*.calendly.com;img-src 'self' https://*.googletagmanager.com https://*.bing.com https://*.clarity.ms https://secure.gravatar.com https://wordpress-live.yakchat.com data: blob: https://*.zohopublic.com https://*.calendly.com https://*.linkedin.com https://px.ads.linkedin.com https://*.taboola.com https://*.hotjar.com https://*.contentsquare.net https://www.google.co.uk https://*.google.co.uk https://stats.g.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com;font-src 'self' https://fonts.gstatic.com https://*.zohocdn.com https://*.zohostatic.com;frame-src * https://*.calendly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;media-src *;worker-src 'self' blob:;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), camera=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Age

Caching

33293

Cache-Control

Caching

public, s-maxage=60, stale-while-revalidate=600

Etag

Caching

"ygi4c2dhae6elm"

Content Headers

2 headers

Content-Length

Content

298941

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

Vercel

X-Powered-By

Server

Next.js

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

4 headers

Date

Other

Thu, 15 Jan 2026 14:56:05 GMT

X-Matched-Path

Other

/

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::iad1::qrvjk-1769173993175-30db56447b5d

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology