| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Cache | MISS, HIT, HIT |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Content-Type | text/html; charset=UTF-8 |
| X-Frame-Options | SAMEORIGIN |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| X-Served-By | cache-iad-kjyo7100060-IAD, cache-iad-kjyo7100060-IAD, cache-ams21077-AMS |
| Accept-Ranges | bytes |
| Age | 13692 |
| Pragma | cache |
| X-Content-Type-Options | nosniff |
| X-Platform-Server | i-d213d5037b827a86 |
| X-Cache-Hits | 0, 22, 0 |
| Strict-Transport-Security | max-age=31557600 |
| X-Timer | S1744839439.825107,VS0,VE1743 |
| Expires | Thu, 17 Apr 2025 00:37:19 GMT |
| Content-Security-Policy | font-src bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.gstatic.com https://*.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.facebook.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com *.paypal.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.google.com https://www.google.fr https://googleads.g.doubleclick.net https://ad.ad-srv.net https://hal9000.redintelligence.net https://tags.dynamo.one https://ad4m.at https://ad4mat.net https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://cl.avis-verifies.com https://www.facebook.com *.tradedoubler.com https://v.calameo.com/ *.facil-iti.app *.facil-iti.com *.spotify.com *.flymenu.fr td.doubleclick.net tr.snapchat.com docs.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://maps.gstatic.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://track.adform.net https://ad4m.at *.ad4m.at https://cm.g.doubleclick.net https://ih.adscale.de https://rtb-csync.smartadserver.com https://dsum-sec.casalemedia.com https://a.twiago.com https://dmp.ad4mat.net https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://www.googletagmanager.com blob: https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://dpm.demdex.net https://match.justpremium.com https://x.bidswitch.net https://sync.1rx.io https://sync.targeting.unrulymedia.com https://id5-sync.com https://ice.360yield.com https://www.facebook.com *.clarity.ms *.bing.com *.doubleclick.net https://i.ytimg.com/ *.facil-iti.app *.facil-iti.com *.digital-metric.net *.cookielaw.org/ *.flymenu.fr 'self' data: www.facebook.com adservice.google.com *.googleusercontent.com www.google.pl www.google.ch www.google.be www.google.es www.google.de www.google.mg tr.snapchat.com trk.datnova.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://www.googletagmanager.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://img.metaffiliation.com https://tags.dynamo.one https://profiling.veoxa.com https://js.sddan.com https://pixel.social-media-system.com https://ad4mat.de https://ad4m.at *.ad4m.at https://sddan.mgr.consensu.org https://mon.social-media-system.com https://sv.ciblelink.com https://js-agent.newrelic.com https://bam.nr-data.net https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://www.gstatic.com https://tracking.veoxa.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://forms.sbc30.net https://connect.facebook.net https://analytics.optimalpeople.fr https://vu.adschoom.com https://svht.tradedoubler.com *.clarity.ms *.facil-iti.app *.facil-iti.com *.digital-metric.net *.aticdn.net https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.cookielaw.org/ *.flymenu.fr *.google.com *.gstatic.com api.flymenu.fr sc-static.net apicit.net p.gsitrix.com tr.snapchat.com cdn.cookielaw.org xir.prixclub.com bat.bing.com tags.clickintext.net tag.aticdn.net o.gsitrix.com swrap.tradedoubler.com trk.datnova.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.googleapis.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com bio.coop *.bio.coop https://toq.bio.coop www.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr www.biocoop.fr https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr www.bing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com https://www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com t.elasticsuite.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://stats.g.doubleclick.net https://img.metaffiliation.com https://bam.nr-data.net https://action.metaffiliation.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://analytics.optimalpeople.fr *.googleapis.com *.clarity.ms *.pvnsolutions.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com *.facil-iti.app *.facil-iti.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.cookielaw.org/ *.onetrust.com/ *.flymenu.fr *.google-analytics.com api.flymenu.fr logc412.xiti.com www.facebook.com google.com bat.bing.com p.gsitrix.com *.onetrust.com adservice.google.com www.google.com *.snapchat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; |
| Vary | Accept-Encoding,Cookie |
| Connection | keep-alive |
| Traceresponse | 00-1836ea39aed398dd2f341ea0d816b52b-739cf5c78f6e3fb7-01 |
| X-Xss-Protection | 1; mode=block |
| Date | Thu, 17 Apr 2025 01:25:32 GMT |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar