HTTP Headers report for bitso.com

Header Name	Header Data
HTTP status code	200
Permissions-Policy	microphone=(), usb=()
Referrer-Policy	no-referrer
Set-Cookie	NEXT_LOCALE=us; Path=/; Expires=Mon, 20 Apr 2026 17:37:35 GMT; Max-Age=31536000; SameSite=lax
Cache-Control	s-maxage=43200, stale-while-revalidate
Cf-Cache-Status	DYNAMIC
Date	Sun, 20 Apr 2025 17:37:35 GMT
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
Cf-Ray	933669101fc1b963-AMS
Content-Security-Policy	img-src 'self' https://assets.bitso.com .hsforms.com .hsforms.net .hubspot.com .hubspot.net data: https://t.co https://static.zdassets.com https://accounts.zendesk.com https://.zendesk.com https://media.smooch.io https://.zdusercontent.com https://ad.360yield.com https://ad.yieldlab.net https://ade.clmbtech.com https://ads.stickyadstv.com https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://api.hubapi.com https://assets.bitso.com https://bitsohelp.zendesk.com https://c.bing.com https://cds.taboola.com https://cm.adgrx.com/bridge https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://dev.visualwebsiteoptimizer.com https://dis.criteo.com https://dis.criteo.com https://dpm.demdex.net https://e1.emxdgt.com/put https://eb2.3lift.com https://exchange.mediavine.com https://googleads.g.doubleclick.net https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com https://images.ctfassets.net https://jadserve.postrelease.com/suid/1017 https://match.sharethrough.com https://matching.ivitrack.com https://mobileassets.bitso.com https://p.adsymptotic.com https://pixel.rubiconproject.com https://px.ads.linkedin.com https://px4.ads.linkedin.com/collect https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://simage2.pubmatic.com https://static.zdassets.com https://stats.g.doubleclick.net https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.1rx.io/usersync/criteodsp https://sync.1rx.io/usersync/criteodsp/k-P2ulDsYERzzfj-AD1mLMiL7Z9aICS2vfceIQGQ https://sync.aralego.com/idSync https://sync.aralego.com/idSync/ https://sync.outbrain.com https://sync.targeting.unrulymedia.com/csync https://tags.bluekai.com https://tg.socdm.com https://trc-events.taboola.com https://trends.revcontent.com https://visitor.omnitagjs.com https://visitor.omnitagsjs.com https://visitor.omnitagsjs.com https://www.facebook.com https://www.google-analytics.com https://www.google-analytics.com https://www.google.com.br/ads/ga-audiences https://www.google.com.br/pagead https://www.google.com.br/pagead/1p-user-list/16604673499 https://www.google.com.br/pagead/1p-user-list/16604673499/ https://www.google.com.mx https://www.google.com https://www.googletagmanager.com https://x.bidswitch.net ups.analytics.yahoo.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://fonts.googleapis.com https://storage.googleapis.com; connect-src 'self' https://bitso.com .hs-analytics.net .hs-banner.com .hs-scripts.com .hsadspixel.net .hscollectedforms.net .hsforms.com .hsforms.net .hsleadflows.net .hubspot.com .hubspot.net .hubspotfeedback.com .usemessages.com feedback.hubapi.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://.twilio.com http://api.amplitude.com http://cdn.taboola.com/libtrc/unip http://cdn.taboola.com/libtrc/unip/1448272/tfa.js http://dynamic.criteo.com/js/ld/ld.js http://fast.appcues.com http://pixel.mathtag.com/event/js http://pixel.mathtag.com/oevent/js http://www.google-analytics.com/analytics.js http://www.googletagmanager.com https://a2.adform.net/Serving/TrackPoint/ https://amplitude.bitso.com https://analytics.google.com https://analytics.tiktok.com/api/v2/monitor https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js https://analytics.tiktok.com/i18n/pixel/static/main.MTkwN2JhZDdhNA.js https://analytics.tiktok.com/i18n/pixel/static/main.MTkwN2JhZDdhNA.js https://api.hubapi.com https://api.hubspot.com https://api.lab.amplitude.com https://api.segment.io https://api.smooch.io/faye https://bitso.statuspage.io https://bitsohelp.zendesk.com https://cdn.amplitude.com https://cdn.matomo.cloud/reverseads.matomo.cloud https://cdn.matomo.cloud/reverseads.matomo.cloud/container_s1jZjiVL.js https://cdn.segment.com https://cdn.taboola.com/scripts/cds-pips.js https://cdn.taboola.com/scripts/eid.es5.js https://cds.taboola.com https://cgw.bitso.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1018575448661820 https://connect.facebook.net/signals/config/186614296776384 https://connect.facebook.net/signals/config/2207664046137135 https://connect.facebook.net/signals/config/227520485531197 https://connect.facebook.net/signals/config/715174912450420 https://connect.facebook.net/signals/config/716834929017352 https://conversions-config.reddit.com/v1/pixel https://conversions-config.reddit.com/v1/pixel/error https://csmetrics.hotjar.com https://dev-amplitude.bitso.com https://dev-segment.bitso.com https://dev.visualwebsiteoptimizer.com https://docs.google.com https://e1.emxdgt.com/put https://ekr.zdassets.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://in.hotjar.com https://logs.browser-intake-datadoghq.com https://measurement-api.criteo.com/register-trigger https://onelinksmartscript.appsflyer.com/onelink-smart-script-latest.js https://pips.taboola.com https://pixel-config.reddit.com/pixels https://pixel-config.reddit.com/pixels/t2_36lvg1kb/config https://psb.taboola.com/topics_api https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ https://px4.ads.linkedin.com/collect https://rum.browser-intake-datadoghq.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://script.crazyegg.com https://segment.bitso.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://sslwidget.criteo.com/event https://static.clevertap.com/js/clevertap.min.js https://static.hotjar.com https://static.zdassets.com https://stats.g.doubleclick.net https://status.bitso.com https://sync.aralego.com/idSync/ https://tags.cgcmd.globo.com/gp https://tags.cgcmd.globo.com/gp/3ba26cf5-4a8a-4e37-958d-7f4c04e75fa1.js https://trc-events.taboola.com https://trc.taboola.com/1448272/trc/3/json https://uptok-server-production-cyxmaabxjq-uc.a.run.app https://us1.clevertap-prod.com https://visitor.omnitagjs.com https://wa.appsflyer.com https://websdk.appsflyer.com/ https://www.bitso.com/g/collect https://www.google-analytics.com https://www.google.com.br/pagead/1p-user-list/16604673499 https://www.google.com/ccm/collect https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js https://www.redditstatic.com/ads https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_36lvg1kb_telemetry https://www.redditstatic.com/ads/pixel.js js.hscta.net static.hsappstatic.net us1.dashboard.clevertap.com wss://api.appcues.net wss://api.smooch.io/faye wss://widget-mediator.zopim.com wss://*.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com
X-Frame-Options	sameorigin
X-Middleware-Rewrite	/us
Vary	RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
Server	cloudflare
Connection	keep-alive
Link	<https://bitso.com/mx>; rel="alternate"; hreflang="es-mx", <https://bitso.com/ar>; rel="alternate"; hreflang="es-ar", <https://bitso.com/co>; rel="alternate"; hreflang="es-co", <https://bitso.com/br>; rel="alternate"; hreflang="pt-br", <https://bitso.com/>; rel="alternate"; hreflang="en", <https://bitso.com/>; rel="alternate"; hreflang="x-default"
X-Nextjs-Cache	HIT
X-Powered-By	Next.js
X-Envoy-Upstream-Service-Time	11
Content-Type	text/html; charset=utf-8

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar