HTTP Headers report for coinbase.com

Header Name	Header Data
HTTP status code	200
Etag	W/"59327-2pbT734u6+/qKrR2cwkL6tRzqiw"
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Download-Options	noopen
X-Frame-Options	SAMEORIGIN
Cf-Ray	92bccccb1fddb980-AMS
Date	Sat, 05 Apr 2025 23:24:37 GMT
X-Dns-Prefetch-Control	off
Cf-Cache-Status	DYNAMIC
Surrogate-Control	no-store
Cache-Control	no-store, no-cache, must-revalidate, max-age=0,no-store, no-cache, must-revalidate, proxy-revalidate
Expect-Ct	enforce, max-age=86400, report-uri="https://coinbase.report-uri.io/r/default/ct/reportOnly"
Expires	0,0
Referrer-Policy	strict-origin-when-cross-origin
Set-Cookie	coinbase_locale=nl; Path=/
X-Xss-Protection	0
Report-To	{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ey4m4SXMf491CX%2B2Km2vRDU5HpnXISM%2BrQkOibb%2BO5yOpJmJAgOjtMQT6NzIPP7sI%2BXF0vOBI0EsbUBK6PBw90C8Mz7si6C9qoyG3w8YARXt8RCnt%2FsxYhOP0LFF2wFcNPY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type	text/html; charset=utf-8
Connection	keep-alive
Content-Security-Policy	default-src 'self' https://login.coinbase.com https://www.coinbase.com https://sdk.onfido.com https://assets.onfido.com; child-src 'self' https://www.coinbase.com https://.coinbase.com https://accounts.google.com/ https://www.googletagmanager.com/ https://static-assets.coinbase.com https://paywithmybank.com/start/ https://cdn1.paywithmybank.com/frontend/build/index.html https://fast.wistia.net https://ui.solaris-p.finleap.cloud https://fts-payment-initiation-wizard.solarisbank.de/ https://payment.truelayer.com https://.online-metrix.net https://.sardine.ai https://sdk.onfido.com/ https://.cb-device-intelligence.com https://.wpstn.com https://platform.twitter.com https://www.google.com/recaptcha/ https://cdn.plaid.com/link/ https://.doubleclick.net/ blob: https://www.youtube.com https://player.vimeo.com/video/ https://widget.coinbase.com https://datawrapper.dwcdn.net/ https://widgets.marqeta.com https://.paypal.com https://pay.google.com/ https://transact.atomicfi.com/ https://cb-monorail-legal-agreements-prod.s3.us-east-1.amazonaws.com https://alchemy.veriff.com https://price-table-widget.coinbase.com https://magic.veriff.me https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect https://p2a.co/ https://docs.google.com/forms/ https://a.sprig.com/SmJKcmh5cDRYZX5zaWQ6YWE3ZDJhZjYtMjYxYS00NjkwLWE3ZWMtMGRjMGQyMGY2ZDk5 https://calendly.com/ https://link.tink.com/ https://jsv3.recruitics.com/; connect-src 'self' https://accounts.google.com/gsi/ https://mfe.coinbase.com https://www.coinbase.com https://api.coinbase.com https://api.custody.coinbase.com https://prime.coinbase.com https://accounts.coinbase.com https://international.coinbase.com https://exchange.coinbase.com https://cloud.coinbase.com https://www.tradingview.com/snapshot/ https://player.vimeo.com/api/player.js https://vimeo.com/api/oembed.json https://api.segment.io https://api.web3modal.org https://login.coinbase.com https://.online-metrix.net https://api.cloudinary.com https://api.amplitude.com/ https://d3907m2cqladbn.cloudfront.net/ https://exceptions.coinbase.com https://assets.coinbase.com/ https://sessions.coinbase.com/ https://assets.coinbase.com/ https://static-assets.coinbase.com/ https://dynamic-assets.coinbase.com/ https://analytics.google.com https://.google-analytics.com https://maps.googleapis.com https://translation.googleapis.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://people.googleapis.com https://dynamic-assets.coinbase.com https://published-assets.coinbase.com https://translations.coinbase.com https://translations.coinbase.com https://static.coinbase.com https://events-service.coinbase.com/amp https://events-service.coinbase.com/track-exposures https://events-service.coinbase.com/bugsnag https://events-service.coinbase.com/metrics https://as.coinbase.com/metrics https://as.coinbase.com/amp https://as.coinbase.com/bugsnag https://as.coinbase.com/track-exposures https://dp.coinbase.com/metrics https://dp.coinbase.com/amp https://dp.coinbase.com/bugsnag https://dp.coinbase.com/track-exposures https://.braintree-api.com https://api.braintreegateway.com wss://ws.coinbase.com wss://ws.coinbase.com:443 https://www.coinbase.com/api https://cdn.contentful.com/ https://contentful.coinbase.com/ https://api.userleap.com/ https://api.sprig.com/ https://widgets.marqeta.com/client/api/v1/ https://assets.ctfassets.net/ https://images.ctfassets.net/ https://pay.google.com/ https://google.com/pay https://c.tvpixel.com/ https://p.tvpixel.com/ https://.salesforce.com https://api.wallet.coinbase.com wss://relay.walletconnect.com wss://relay.walletconnect.org https://explorer-api.walletconnect.com wss://www.walletlink.org https://api.onfido.com wss://sync.onfido.com https://sdk.onfido.com/ https://rba-authed-278491357830-production.s3.us-east-1.amazonaws.com/ https://go.wallet.coinbase.com/ https://cdn.sprig.com/session-replay/ https://as.coinbase.com/traces https://www.google.com/pay https://api2.branch.io; font-src 'self' data: https://www.coinbase.com https://assets.coinbase.com/ https://fonts.gstatic.com/ https://card.coinbase.com/ https://static.coinbase.com https://static-assets.coinbase.com https://assets.ctfassets.net/; img-src 'self' data: https://www.coinbase.com https://images.coinbase.com https://www.gstatic.com/ https://play-lh.googleusercontent.com/ https://www.tradingview.com https://cdnjs.cloudflare.com/ https://sdk.onfido.com/ https://i.vimeocdn.com/video/ https://d3907m2cqladbn.cloudfront.net/ https://d392zik6ho62y0.cloudfront.net/ https://d1dwhf283nul1c.cloudfront.net/ https://static-assets.coinbase.com/ https://dynamic-assets.coinbase.com/ https://dynamic-assets.coinbase.com https://published-assets.coinbase.com https://exceptions.coinbase.com https://go.wallet.coinbase.com/ https://coinbase-uploads.s3.amazonaws.com https://asset-metadata-service-production.s3.amazonaws.com https://s3.amazonaws.com/app-public/ https://maps.gstatic.com https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://csi.gstatic.com https://www.google-analytics.com https://res.cloudinary.com https://secure.gravatar.com https://i2.wp.com https://.online-metrix.net https://assets.coinbase.com/ https://ctf-images-01.coinbasecdn.net/ https://hexagon-analytics.com https://cb-brand.s3.amazonaws.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/r/collect https://card.coinbase.com/ blob: https://static.coinbase.com https://www.facebook.com/tr/ https://images.ctfassets.net/ https://i.ytimg.com/vi/ https://.paypal.com https://px.ads.linkedin.com https://www.linkedin.com/px https://p.adsymptotic.com/d/px https://atomicfi-public-production.s3.amazonaws.com https://cdn-public.atomicfi.com https://api.custody.coinbase.com/ https://help.coinbase.com/ https://truelayer-provider-assets.s3.amazonaws.com https://providers-assets.truelayer.com https://explorer-api.walletconnect.com; media-src 'self' https://static-assets.coinbase.com/ https://www.coinbase.com https://d392zik6ho62y0.cloudfront.net/ https://ctf-videos-01.coinbasecdn.net/ https://ctf-downloads-01.coinbasecdn.net/ https://ctf-images-01.coinbasecdn.net/ https://ctf-assets-01.coinbasecdn.net/ blob:; object-src 'self' data: blob: https://www.coinbase.com https://.online-metrix.net https://www.gstatic.com https://www.google.com/recaptcha/api/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coinbase.com https://www.googletagmanager.com/ https://accounts.google.com/gsi/client https://accounts.google.com/gsi/ https://.sardine.ai https://.cb-device-intelligence.com https://player.vimeo.com/api/player.js https://sdk.onfido.com/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://.google-analytics.com https://www.google.com https://www.gstatic.com https://.online-metrix.net https://maps.googleapis.com https://maps.gstatic.com https://cdn.plaid.com/link/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://static-assets.coinbase.com/international/trustly/ca/js/prod/paywithmybank.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://assets.coinbase.com/ https://card.coinbase.com/ https://static.coinbase.com https://widget.coinbase.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://static-assets.coinbase.com/js/ https://static-assets.coinbase.com/trading-view/ https://*.paypal.com https://images.ctfassets.net/ https://pay.google.com/ https://c.tvpixel.com/ https://p.tvpixel.com/ https://price-table-widget.coinbase.com https://jsv3.recruitics.com/0778138b-cc59-11ef-a514-fd1759833eec.js; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/ https://assets.coinbase.com https://www.coinbase.com https://sdk.onfido.com/ https://assets.coinbase.com/ https://static-assets.coinbase.com/trading-view/ https://card.coinbase.com/ https://static.coinbase.com https://go.wallet.coinbase.com; report-uri /csp-logging
Trace-Id	8872912378226191363
Nel	{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server	cloudflare

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar