HTTP Headers report for cramptonandmoore.co.uk

Header Name	Header Data
HTTP status code	200
Content-Security-Policy-Report-Only	font-src static.lipscore.com .fontawesome.com .yotpo.com .googleapis.com .gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com .yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com .adyen.com .awin1.com .zenaps.com .fls.doubleclick.net https://plumrocket.com www.xtento.com .yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com s.ytimg.com validator.swagger.io .adyen.com .awin1.com .zenaps.com maps.gstatic.com static.lipscore.com blob: img.youtube.com .facebook.com www.xtento.com cdn.xtento.com .yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com .vimeocdn.com www.youtube.com .adyen.com .awin1.com www.dwin1.com .zenaps.com https://the.sciencebehindecommerce.com .googleapis.com static.lipscore.com .googletagmanager.com .facebook.net www.xtento.com cdn.xtento.com .yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.lipscore.com .fontawesome.com .yotpo.com .googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com .adyen.com https://the.sciencebehindecommerce.com .googleapis.com wapi.lipscore.com users.lipscore.com .google-analytics.com .yotpo.com 'self' 'unsafe-inline'; child-src .awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Set-Cookie	PHPSESSID=jmalf9m4326evbidcjevvu2eep; expires=Thu, 17-Apr-2025 09:41:22 GMT; Max-Age=36000; path=/; domain=www.cramptonandmoore.co.uk; secure; HttpOnly; SameSite=Lax
Upgrade	h2,h2c
Content-Type	text/html; charset=UTF-8
Pragma	no-cache
Connection	Upgrade
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block
Cache-Control	max-age=0, must-revalidate, no-cache, no-store
Server	Apache
Expires	Tue, 16 Apr 2024 16:21:26 GMT
X-Frame-Options	SAMEORIGIN
Date	Wed, 16 Apr 2025 23:41:22 GMT

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar