| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Frame-Options | SAMEORIGIN |
| Expires | Tue, 08 Apr 2025 11:30:01 GMT |
| Content-Type | text/html; charset=utf-8 |
| Last-Modified | Fri, 01 Apr 2022 16:05:26 GMT |
| Etag | "LztbqjEW+5MRrjpIBQ1Z3g==" |
| Access-Control-Allow-Methods | * |
| Access-Control-Expose-Headers | Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Content-Length,Content-Type,Date,Expires,Pragma,Server,X-Robots-Tag |
| Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' akamai.tiqcdn.com export.highcharts.com hsbcbankglobal.sc.omtrdc.net www.stoneshot.com ad.doubleclick.net tags.tiqcdn.com *.doubleclick.net snap.licdn.com www.stoneshot.com hsbcbankglobal.sc.omtrdc.net cdn.linkedin.oribi.io px.ads.linkedin.com adservice.google.com *.brightcove.net metrics.brightcove.com vjs.zencdn.net cf-images.us-east-1.prod.boltdns.net cm.everesttech.net cm.everesttech.net cdn.izooto.com cf-images.eu-west-1.prod.boltdns.net js.adsrvr.org s.yimg.com sp.analytics.yahoo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cx.camsonline.com ad.doubleclick.net www.google.com.hk www.stoneshot.com www.googletagmanager.com sp.analytics.yahoo.com s.yimg.com oauth.brightcove.com js.adsrvr.org insight.adsrvr.org hsbcbankglobal.sc.omtrdc.net cms.api.brightcove.com cf-images.eu-west-1.prod.boltdns.net cdn.izooto.com adservice.google.com.hk adservice.google.com 8118717.fls.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com googletagmanager.com *.googletagmanager.com collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net snap.licdn.com code.highcharts.com http://pbs.twimg.com irs.tools.investis.com maps.googleapis.com s.ytimg.com http://i3.ytimg.com www.youtube.com blob: www.recaptcha.net www.gstatic.com brightcove.net *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com hsbcglobalcommon.tt.omtrdc.net vjs.zencdn.net pws.internal.hsbc *.pws.internal.hsbc hsbc.com; connect-src 'self' *.linkedin.com cx.camsonline.com *.izooto.com collect-eu-central-1.tealiumiq.com hsbcglobalgbm.sc.omtrdc.net akamai.tiqcdn.com hsbcbankglobal.sc.omtrdc.net cdn.linkedin.oribi.io manifest.prod.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net cf.brightcove.com *.cf.brightcove.com ingestion-upload-production.s3.amazonaws.com bcvp0rtal.com *.bcvp0rtal.com gallerysites.net *.gallerysites.net vjs.zencdn.net *.vjs.zencdn.net hlstoken-a.akamaihd.net *.hlstoken-a.akamaihd.net media.brightcove.com *.media.brightcove.com cloudfront.net *.cloudfront.net analytics.edgekey.net *.analytics.edgekey.net akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net brightcove.vo.llnwd.net *.brightcove.vo.llnwd.net uds.ak.o.brightcove.com *.uds.ak.o.brightcove.com hls.ak.o.brightcove.com *.hls.ak.o.brightcove.com players.brightcove.net *.players.brightcove.net o.brightcove.com *.o.brightcove.com bcovlive-a.akamaihd.net *.bcovlive-a.akamaihd.net sep.bcovlive.io *.sep.bcovlive.io bcovlive.io *.bcovlive.io api.bcovlive.io *.api.bcovlive.io api.brightcove.com *.api.brightcove.com bcove.video *.bcove.video brightcove.net *.brightcove.net *.brightcovecdn.com boltdns.net *.boltdns.net hsbcglobalcommon.sc.omtrdc.net dpm.demdex.net brightcove.com *.brightcove.com bcsecure01-a.akamaihd.net *.akamaihd.net hsbcglobalcommon.tt.omtrdc.net brightcove.com *.brightcove.com www.youtube.com; img-src 'self' www.google.com.hk cx.camsonline.com *.google.co.in dpm.demdex.net adservice.google.com.hk sp.analytics.yahoo.com adservice.google.com www.stoneshot.com ad.doubleclick.net hsbcbankglobal.sc.omtrdc.net boltdns.net media.licdn.com *.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net https://www.google.com https://www.google.co.uk px.ads.linkedin.com pxl.yoptima.com pixel.quantserve.com i.ytimg.com http://i3.ytimg.com data: http://pbs.twimg.com sprcdn-assets.sprinklr.com media-exp1.licdn.com brightcove.net dms.licdn.com *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com hsbcglobalcommon.tt.omtrdc.net hsbcglobalcommon.sc.omtrdc.net akamaihd.net *.akamaihd.net maps.gstatic.com maps.googleapis.com blob: pws.internal.hsbc *.pws.internal.hsbc hsbc.com; style-src 'self' 'unsafe-inline' cx.camsonline.com players.brightcove.net; base-uri 'self'; form-action 'self' export.highcharts.com; font-src 'self' cx.camsonline.com data:; frame-src 'self' pms.wealthspectrum.com cdn.izooto.com td.doubleclick.net partners.hsbcmf.juvlon.com *.harvest.fr hextra.harvest.fr rente-hsbc.harvest.fr calculetteepargne-hsbc.harvest.fr diagnosticretraite-hsbc.harvest.fr apl.wealthadvisor.jp match.adsrvr.org insight.adsrvr.org *.demdex.net youtube-nocookie.com *.youtube-nocookie.com *.recaptcha.net recaptcha.net players.brightcove.net www.youtube.com www.google.com irs.tools.investis.com 8118717.fls.doubleclick.net; media-src 'self' blob: akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net media.brightcove.com *.media.brightcove.com brightcovecdn.com *.brightcovecdn.com boltdns.net *.boltdns.net video.twimg.com dms.licdn.com pws.internal.hsbc *.pws.internal.hsbc hsbc.com hsbcbankcommon.demdex.net brightcove.com *.brightcove.com *.akamaihd.net; |
| Permissions-Policy | accelerometer=(self),ambient-light-sensor=(self),autoplay=(self),battery=(self),camera=(self),display-capture=(self),document-domain=(*),encrypted-media=(self),execution-while-not-rendered=(*),execution-while-out-of-viewport=(*),fullscreen=(self),gamepad=(self),geolocation=(self),gyroscope=(self),hid=(self),identity-credentials-get=(self),idle-detection=(self),local-fonts=(self),magnetometer=(self),microphone=(self),midi=(self),otp-credentials=(self),payment=(self),picture-in-picture=(*),publickey-credentials-create=(self),publickey-credentials-get=(self),screen-wake-lock=(self),serial=(self),speaker-selection=(self),storage-access=(*),usb=(self),web-share=(self),window-management=(self),xr-spatial-tracking=(self) |
| Date | Tue, 08 Apr 2025 11:27:48 GMT |
| Connection | keep-alive |
| Vary | Accept-Encoding |
| Strict-Transport-Security | max-age=31536000 ; includeSubDomains ; preload |
| Pragma | no-cache |
| Access-Control-Allow-Headers | Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Content-Length,Content-Type,Date,Expires,Pragma,Server,X-Robots-Tag |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Xss-Protection | 1; mode=block |
| Cache-Control | max-age=133 |
| X-Robots-Tag | index, follow |
| X-Content-Type-Options | nosniff |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar