| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Security-Policy | default-src 'self' *.consumer.org.nz; font-src *; img-src 'self' data: *; object-src 'none'; style-src 'self' 'unsafe-inline' *.consumer.org.nz *.marketo.com api.addressfinder.io *.googleapis.com consumer-nz-assets.s3.amazonaws.com uploads-cnz.s3-ap-southeast-2.amazonaws.com uploads-cnz.s3.ap-southeast-2.amazonaws.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com d1y1ao4aj0rzc0.cloudfront.net; frame-src 'self' *.consumer.org.nz *.doubleclick.net *.marketo.com consumertest.shinyapps.io donorbox.org e.infogram.com *.spotify.com platform.twitter.com player.vimeo.com www.rnz.co.nz staticcdn.co.nz *.facebook.com www.googletagmanager.com www.iheart.com www.recaptcha.net www.youtube.com yabblezone.net survey.alchemer.com www.instagram.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com www.canva.com flo.uri.sh; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumer.org.nz *.google-analytics.com munchkin.marketo.net *.marketo.com *.algolia.net *.algolianet.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com connect.facebook.net consumer-nz-assets.s3.amazonaws.com donorbox.org e.infogram.com platform.twitter.com player.vimeo.com staticcdn.co.nz uploads-cnz.s3-ap-southeast-2.amazonaws.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube.com www.instagram.com *.googleapis.com translate.google.com cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.5.16/iframeResizer.min.js survey.alchemer.com www.surveygizmo.com www.googleoptimize.com optimize.google.com analytics.tiktok.com cdn.raygun.io www.googleadservices.com *.doubleclick.net ajax.cloudflare.com snap.licdn.com *.visualwebsiteoptimizer.com app.vwo.com widget.surveymonkey.com *.clarity.ms *.flourish.studio d1y1ao4aj0rzc0.cloudfront.net uploads-cnz.s3.amazonaws.com; connect-src 'self' *.consumer.org.nz *.marketo.net *.algolia.io *.algolia.net *.algolianet.com *.doubleclick.net *.google-analytics.com *.mktoresp.com *.mktoutil.com *.google.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com www.facebook.com www.instagram.com *.googleapis.com analytics.tiktok.com www.googletagmanager.com *.raygun.io cdn.linkedin.oribi.io px.ads.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com *.clarity.ms; worker-src 'self' blob:; report-uri https://report-to-api.raygun.com/reports-csp?apikey=0DrrEZ5IGC5CYxKjtrP5aA== |
| Fastly-Hash | null-hash |
| X-Haunted-By | admin@hauntdigital.co.nz |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| X-Served-By | cache-rtm-ehrd2290041-RTM |
| Cf-Cache-Status | DYNAMIC |
| X-Runtime | 0.092298 |
| X-Cache | HIT |
| X-Timer | S1745073377.731669,VS0,VE1 |
| Server | cloudflare |
| Connection | keep-alive |
| Vary | Fastly-Hash, Accept-Encoding |
| Nel | {"success_fraction":0,"report_to":"cf-nel","max_age":604800} |
| Cf-Ray | 932d221c6e94bdf3-AMS |
| Alt-Svc | h3=":443"; ma=86400 |
| Server-Timing | cfL4;desc="?proto=TCP&rtt=866&min_rtt=854&rtt_var=262&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3895&recv_bytes=1834&delivery_rate=4768386&cwnd=252&unsent_bytes=0&cid=89e471c61c0862f4&ts=34&x=0" |
| Date | Sat, 19 Apr 2025 14:36:16 GMT |
| Permissions-Policy | microphone=(), camera=(), geolocation=(), fullscreen=(self), payment=(), screen-wake-lock=(), publickey-credentials-get=(), display-capture=(self) |
| X-Xss-Protection | 1; mode=block |
| Link | <https://d1y1ao4aj0rzc0.cloudfront.net/packs/css/application-f4b68cdd.chunk.css>; rel=preload; as=style; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/runtime~application-bcc6e240ca2c6951c2f1.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/vendors~admin~admin-footer~admin-home~admin-menu~admin-sections~application~home~kiwisaver~menu~noti~63b6c05c-0b3541cdb7c8d6c90353.chunk.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/vendors~admin~application-ff65459e224960d1cb79.chunk.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/application-a980c011c583f455ac9c.chunk.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/runtime~menu-cb419f17092ee35a9fe4.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/vendors~admin-footer~admin-home~admin-menu~admin-sections~home~kiwisaver~menu~notifications~products~6b25e923-77433c5bb4fcf2ea7a1b.chunk.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/menu-c60b68689edd6d7cc1c6.chunk.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/runtime~notifications-0f3f25745591c4e839ae.js>; rel=preload; as=script; nopush,<https://d1y1ao4aj0rzc0.cloudfront.net/packs/js/notifications-4c05d5c8eabd84f3d4c1.chunk.js>; rel=preload; as=script; nopush |
| X-Content-Type-Options | nosniff |
| Age | 380076 |
| Cache-Control | private, no-store |
| Status | 200 OK |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Cache-Hits | 0 |
| Report-To | {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B4XRBz1ofNG7%2FJfI1FnBkePDwIDCCBoAg%2FBreSDlhcKQGW5eWROHqoAmi8PVsVuSKabLgT2k4QyjNn1VCLbXilFiMRjALQYYuE99XMChqIUt3HTVmXi2Ir7PykidbO79Js214mk%3D"}],"group":"cf-nel","max_age":604800} |
| Content-Type | text/html; charset=utf-8 |
| X-Request-Id | 1c875894-9701-4e43-b807-68c869923189 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar