crownresorts.com.au | Analytics by SecurityHeaders

HTTP Headers report for crownresorts.com.au

Header Name Header Data
HTTP status code 200
Content-Type text/html; charset=utf-8
Connection keep-alive
Access-Control-Allow-Origin https://crprdsite.crownwebtest.com.au
Set-Cookie browserVersion=Browser=CHROME&Browser Version=91.0.4472.124; domain=crownresorts.com.au; expires=Mon, 28-Apr-2025 18:31:09 GMT; path=/; secure; HttpOnly
Request-Context appId=cid-v1:9d8dbf0f-c847-4f15-88fa-ba0cb04d9212
Date Mon, 21 Apr 2025 18:31:10 GMT
Access-Control-Allow-Credentials true
Access-Control-Allow-Headers Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name, authtoken, apitoken
X-Content-Type-Options nosniff
Vary Accept-Encoding
Access-Control-Allow-Methods POST,GET,PUT,PATCH,DELETE,OPTIONS
Access-Control-Expose-Headers Request-Context
Cache-Control private
Strict-Transport-Security max-age=31536000; includeSubDomains
Content-Security-Policy-Report-Only font-src * data:;img-src * data:;frame-src 'self' *.sevenrooms.com *.doubleclick.net *.smartrecruiters.com *.adyen.com *.pinterest.com *.googleadservices.com *.google.com *.googletagmanager.com *.cardinalcommerce.com sevenrooms.com *.americanexpress.com *.securesuite.co.uk secure7.arcot.com *.rsa3dsauth.co.uk mycardsecure.com www.mycardsecure.com dupe.com *.opentable.com.au;script-src 'self' *.curator.io *.google-analytics.com *.googletagmanager.com *.google.com *.licdn.com *.clarity.ms *.gstatic.com *.facebook.net *.pinimg.com *.smartrecruiters.com *.hotjar.com cdn-cookieyes.com 'unsafe-eval' 'unsafe-inline' data:;script-src-elem 'self' 'unsafe-inline' *.facebook.net *.licdn.com *.google.com *.googletagmanager.com https://www.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.smartrecruiters.com *.curator.io *.clarity.ms *.pinimg.com *.hotjar.com cdn-cookieyes.com;style-src-elem 'self' *.honey.io *.google.com *.curator.io *.smartrecruiters.com *.facebook.net *.clarity.ms 'unsafe-inline';connect-src 'self' *.facebook.com *.google.com *.google-analytics.com *.googleapis.com melprdwebsite.azurewebsites.net crownkentico-prd-as-csearch.search.windows.net *.pinterest.com *.doubleclick.net *.curator.io *.clarity.ms *.linkedin.com *.datatoolscloud.net.au *.hotjar.io *.adyen.com *.cookieyes.com cdn-cookieyes.com ws://localhost:12387 wss://ws.hotjar.com https://www.google.com/ data:;report-uri /api/logs/csp-report;report-to csp-endpoint;
X-Xss-Protection 1; mode=block
X-Fd-Int-Roxy-Purgeid 83856820
X-Cache PRIVATE_NOSTORE
Reporting-Endpoints csp-endpoint="/api/logs/csp-report"
X-Azure-Ref 20250421T183108Z-r175cd98c7ctgzhvhC1DUS7ck00000000cqg000000008r0w

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar