| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Goog-Stored-Content-Length | 4580 |
| Access-Control-Expose-Headers | * |
| Cache-Control | public, max-age=2592000 |
| Vary | Accept-Encoding |
| Alt-Svc | h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 |
| X-Content-Type-Options | nosniff |
| Content-Type | text/html; charset=UTF-8 |
| X-Guploader-Uploadid | AKDAyIvOrDK8__rL-IEzFm64Mv5A9hvTupBFLPp7treEUEzxGDf4i8RZAxQh279G0YWdvfLmbg985DU |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Expires | Tue, 06 May 2025 04:38:34 GMT |
| Age | 35872 |
| X-Goog-Stored-Content-Encoding | gzip |
| X-Guploader-Response-Body-Transformations | gunzipped |
| X-Xss-Protection | 1; mode=block |
| Date | Sun, 06 Apr 2025 14:36:26 GMT |
| Warning | 214 UploadServer gunzipped |
| X-Goog-Hash | crc32c=zmZ4Ow== |
| X-Goog-Storage-Class | MULTI_REGIONAL |
| Access-Control-Allow-Origin | * |
| Last-Modified | Wed, 26 Mar 2025 11:05:16 GMT |
| Etag | W/"b0951a106aea8860d9a4d5b64940498e" |
| Content-Security-Policy | default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com https://assets.adobedtm.com js.adsrvr.org *.amazon-adsystem.com analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com https://*.demdex.net googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com https://cm.everesttech.net *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net *.mountain.com apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com tags.srv.stackadapt.com https://analytics.tiktok.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com tags.srv.stackadapt.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co https://assets.adobedtm.com js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com arttrk.com cx.atdmt.com *.bing.com bat.bing.com *.clarity.ms d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net https://*.demdex.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com https://cm.everesttech.net *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com www.google-analytics.com *.google.com *.analytics.google.com www.google.com www.google.ca www.google.de www.google.ie *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.omtrdc.net *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io *.perka.com s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com cdn.vidyard.com play.vidyard.com *.vimeocdn.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com *.intercomcdn.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' 52.71.121.170 44.238.122.172 34.215.155.61 44.212.189.233 54.156.2.105 18.210.229.244 3.212.39.155 35.160.46.251 52.22.50.55 100.20.58.101 c.6sc.co ipv6.6sc.co 35.85.84.151 44.228.85.26 secure.adnxs.com https://assets.adobedtm.com collection.bgalytics.com bat.bing.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.clarity.ms https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com https://*.demdex.net *.g.doubleclick.net https://cm.everesttech.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com *.google.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com *.hotjar.io vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net px.ads.linkedin.com *.mktoresp.com *.mktoutil.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net *.reddit.com redditstatic.com www.redditstatic.com sentry.io *.sentry.io collection.sperse.io tags.srv.stackadapt.com api.thelevelup.com https://analytics.tiktok.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: *.adsrvr.org insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io https://*.demdex.net *.doubleclick.net *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com *.qualtrics.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; |
| X-Goog-Generation | 1742987116217723 |
| X-Goog-Metageneration | 1 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar