| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Cf-Cache-Status | DYNAMIC |
| Content-Type | text/html; charset=utf-8 |
| Set-Cookie | AWSALB=/vIdi+nqadnKlpjVbXx8DBy/DgCYD5b5eUOHiQTGi9iOiESOVEbKFBUUR3rkajh75Q3CYPB/XNZr94a0kHiomwLASU/U6yhWV0nFr2xngtk21NslrJJVwP8c+LRk; Expires=Sat, 26 Apr 2025 14:42:26 GMT; Path=/ |
| Vary | Accept-Encoding |
| X-Frame-Options | SAMEORIGIN |
| Connection | keep-alive |
| Cf-Ray | 932d2b219b816564-AMS |
| Content-Security-Policy | default-src * http://manifest.prod.boltdns.net *.edge.api.brightcove.com *.idx.liadm.com *.analytics.google.com https://manifest.prod.boltdns.net manifest.prod.boltdns.net *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net www.connectidfeed.com data: 'unsafe-eval' 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com a.usbrowserspeed.com a.remarketstats.com i.liadm.com https://www.clarity.ms/ https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com a.usbrowserspeed.com a.remarketstats.com i.liadm.com *.youtube.com *.onetrust.com www.google.com/recaptcha/api.js www.gstatic.com subscriptions.smartrecruiters.com otp.tools.investis.com otp.tools.investisdigital.com d1hgczpbubj217.cloudfront.net staticcontents.investisdigital.com *.googleapis.com www.youtube.com script.hotjar.com sc.lfeeder.com vjs.zencdn.net cdnjs.cloudflare.com static.hotjar.com secure.intuitive-intuition.com cdn.cookielaw.org cdn.cookielaw.org www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net secure.smart-enterprise-52.com *.brightcove.net platform.twitter.com viz.tools.investis.com www.google-analytics.com *.brightcove.net blob: https://unpkg.com/axios@1.6.5/dist/axios.min.js https://code.highcharts.com/highcharts-more.js *.highcharts.com https://unpkg.com/vue@3.5.13/dist/vue.global.js https://unpkg.com/vue@3/dist/vue.global.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net fonts.idigitalcontents.com fonts.gstatic.com viz.tools.investis.com cdn.jsdelivr.net *.brightcove.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com; object-src 'none'; font-src 'self' 'unsafe-inline' data: players.brightcove.net fonts.idigitalcontents.com fonts.gstatic.com idx.liadm.com vjs.zencdn.net viz.tools.investis.com *.brightcove.net *.onetrust.com; frame-src 'self' otp.tools.investisdigital.com players.brightcove.net www.google.com forms.docq.app www.youtube.com td.doubleclick.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube.com platform.twitter.com irs.tools.investis.com otp.tools.investis.com www.connectidfeed.com subscriptions.smartrecruiters.com *.googleapis.com; frame-ancestors 'self' https://allowed-origin.com https://core.angloamerican.com https://*.core.angloamerican.com; img-src data: 'self' www.glassdoor.co.uk house-fastly-signed-eu-west-1-prod.brightcovecdn.com connect.facebook.net viz.tools.investis.com secure.leadforensics.com *.leadforensics.com *.facebook.com *.google-analytics.com *.googleapis.com *.google.com tr.lfeeder.com google-analytics.com *.gstatic.com www.google.co.uk www.googletagmanager.com subscriptions.smartrecruiters.com *.ytimg.com *.youtube.com cdn.cookielaw.org cf-images.eu-west-1.prod.boltdns.net www.google.co.in metrics.brightcove.com *.brightcove.net manifest.prod.boltdns.net; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.idx.liadm.com *.onetrust.com blob:; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' https://n.clarity.ms/collect *.clarity.ms https://r.clarity.ms/collect www.angloamerican.com *.idx.liadm.com www.facebook.com code.highcharts.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net wss://ws.hotjar.com *.hotjar.io *.hotjar.com data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.connectidfeed.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net *.analytics.google.com *.google-analytics.com *.amazonaws.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com google-analytics.com *.googleapis.com *.onetrust.com cdn.cookielaw.org idx.liadm.com analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com *.brightcove.net players.brightcove.net viz.tools.investis.com analytics.google.com *.google-analytics.com *.youtube.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud *.typekit.net *.amazonaws.com *.google.com; base-uri 'self'; |
| Cache-Control | private |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | self |
| Server | cloudflare |
| Date | Sat, 19 Apr 2025 14:42:26 GMT |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar