| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Date | Thu, 17 Apr 2025 01:55:06 GMT |
| Content-Security-Policy-Report-Only | default-src 'self'; script-src 'report-sample' 'self' 'strict-dynamic' 'unsafe-hashes' 'unsafe-eval' *.adis.ws adis.ws *.arc.epoq.de arc.epoq.de *.baqend.com baqend.com *.carhartt-wip.app.baqend.com carhartt-wip.app.baqend.com *.carhartt-wip.com carhartt-wip.com *.cookiebot.com cookiebot.com *.epoq-systems.de epoq-systems.de *.fitanalytics.com fitanalytics.com *.hotjar.com hotjar.com *.hotjar.io hotjar.io *.services-carhartt-wip.com services-carhartt-wip.com *.epoq.de epoq.de *.googleadservices.com googleadservices.com *.google.com google.com *.google.de google.de *.google.pl google.pl *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.siteimproveanalytics.com siteimproveanalytics.com *.tagmanager.google.com tagmanager.google.com *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.tiktok.com tiktok.com *.webgains.io webgains.io *.bing.com bing.com *.facebook.com facebook.com *.facebook.net facebook.net *.cptrack.de cptrack.de *.gstatic.com gstatic.com *.pay1.de pay1.de *.zenloop.com zenloop.com *.klarna.com klarna.com *.playground.klarna.com js.playground.klarna.com *.nlservice.carhartt-wip.com:* nlservice.carhartt-wip.com:* *.analytics.google.com analytics.google.com *.bing.com bing.com 'sha256-lTqPe76t8Osd8kmEz4T3znoUYgDHYdYw1X3ijHh6UoA=' 'sha256-fLjj98g6W3M84sRN67SPyI0+GPkbFL1ERF9F6b5X900=' 'nonce-facb87d54155b2006672e0140e247c0e' ; style-src 'self' 'unsafe-inline' *.epoq-systems.de epoq-systems.de *.epoq.de epoq.de *.carhartt-wip.com carhartt-wip.com tagmanager.google.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.analytics.google.com analytics.google.com *.baqend.com baqend.com *.cookiebot.com cookiebot.com *.carhartt-wip.com carhartt-wip.com *.carhartt-wip.app.baqend.com carhartt-wip.app.baqend.com *.fitanalytics.com fitanalytics.com *.googleapis.com googleapis.com *.google.com google.com *.google.de google.de *.google.pl google.pl *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.hotjar.io hotjar.io *.pay1.de pay1.de *.pinterest.com pinterest.com *.scarabresearch.com scarabresearch.com *.services-carhartt-wip.com services-carhartt-wip.com *.tiktok.com tiktok.com *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.webgains.io webgains.io *.zenloop.com zenloop.com *.econda-monitor.de econda-monitor.de carharrt-storefinder-api.herokuapp.com storefinder-test.herokuapp.com *.nlservice.carhartt-wip.com:* nlservice.carhartt-wip.com:* *.epoq.de epoq.de *.googlesyndication.com *.g.doubleclick.net; font-src 'self' data: *.gstatic.com gstatic.com *.zenloop.com zenloop.com *.googleapis.com googleapis.com; frame-src 'self' *.cookiebot.com cookiebot.com *.pinterest.com pinterest.com *.google.com google.com *.carhartt-wip.com carhartt-wip.com *.pay1.de pay1.de *.soundcloud.com soundcloud.com *.klarna.com klarna.com *.playground.klarna.com js.playground.klarna.com *.doubleclick.net; img-src 'self' data: *.adis.ws adis.ws *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.google-analytics.com google-analytics.com *.gstatic.com gstatic.com *.googletagmanager.com googletagmanager.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.fitanalytics.com fitanalytics.com *.zenloop.com zenloop.com *.bing.com bing.com *.g.doubleclick.net doubleclick.net *.facebook.com facebook.com *.google.com google.com *.carhartt-wip.com carhartt-wip.com *.cdn.media.amplience.net cdn.media.amplience.net *.googleapis.com googleapis.com *.mktgcdn.com mktgcdn.com; manifest-src 'self'; media-src 'self' *.amplience.net amplience.net *.carhartt-wip.com carhartt-wip.com *.soundcloud.com soundcloud.com *.cdn.media.amplience.net cdn.media.amplience.net; worker-src 'none'; |
| Permissions-Policy | microphone=(),camera=() |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Xss-Protection | 1; mode=block |
| Content-Security-Policy | frame-ancestors 'self' http://localhost:* |
| Content-Type | text/html;charset=UTF-8 |
| Set-Cookie | _visitor=c1b82445-b080-4539-a2e2-fbdeb6e8d1a2; Expires=Sat, 17-Apr-2027 01:55:05 GMT; Path=/site |
| Pragma | no-cache |
| Expires | 0 |
| X-Frame-Options | DENY |
| X-Served-By | site-nginx-carhartt-proxy-98b5f7485-vnqqp |
| Via | 1.1 google |
| Referrer-Policy | same-origin |
| Cache-Control | no-cache, no-store, max-age=0, must-revalidate |
| Alt-Svc | h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 |
| Server | nginx |
| X-Content-Type-Options | nosniff |
| Vary | Origin |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar