| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Set-Cookie | __uzma=99d02b3f-1871-4a25-8512-4b8948f42638; HttpOnly; path=/; Expires=Thu, 16-Oct-25 02:57:27 GMT ; Max-Age=15724800; SameSite=Lax |
| X-Amz-Cf-Pop | CPH50-C1 |
| Date | Thu, 17 Apr 2025 02:57:27 GMT |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Referrer-Policy | no-referrer-when-downgrade |
| Vary | Accept-Encoding |
| Via | 1.1 060df07995f24318e95556d506f04e12.cloudfront.net (CloudFront) |
| Connection | keep-alive |
| Content-Security-Policy | default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io analytics.tiktok.com s2.adform.net track.adform.net *.adform.net *.bing.com *.teads.tv *.criteo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com adservice.google.com *.taboola.com *.adsrvr.org *.linkeo.com *.banquepopulaire.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com *.google.com analytics.tiktok.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr wss://www.banquepopulaire.fr/genesys/genesys/cometd *.teads.tv *.bing.com *.criteo.com *.linkeo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com https://www.google.com *.adform.net *.taboola.com *.adsrvr.org *.banquepopulaire.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com action.metaffiliation.com *.bing.com *.teads.tv *.criteo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com adservice.google.com *.adform.net *.linkeo.com *.banquepopulaire.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr; frame-src https: *; worker-src 'self' blob:; report-uri https://www.csp.bpce.fr/v1/record?id=CEPME; |
| Link | <https://www.banquepopulaire.fr/app/themes/bp-child/js/app.js?ver=8.90.2>; rel=preload; as=script, <https://www.banquepopulaire.fr/app/themes/bpce/js/commons.js?ver=8.90.2>; rel=preload; as=script, <https://www.banquepopulaire.fr/app/themes/bp-child/css/app.css?ver=8.90.2>; rel=preload; as=style, <https://www.banquepopulaire.fr/wp-json/>; rel="https://api.w.org/", <https://www.banquepopulaire.fr/wp-json/wp/v2/pages/21011>; rel="alternate"; title="JSON"; type="application/json", <https://www.banquepopulaire.fr/>; rel=shortlink |
| X-Content-Type-Options | nosniff |
| Permissions-Policy | sync-xhr=(self) |
| Age | 172 |
| Content-Type | text/html; charset=UTF-8 |
| Cache-Control | s-maxage=1800, stale-while-revalidate=3600, must-revalidate, public |
| X-Xss-Protection | 1; mode=block |
| X-Cacheable | YES |
| X-Cache | Miss from cloudfront |
| X-Amz-Cf-Id | ds0hLHolEoML8a6kCK5tz8jRtvrPAV2w2R--wHnYBhJwvdpQQxYrlw== |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar