| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Security-Policy | default-src 'self' *.dcube.cloud *.demdex.net cm.everesttech.net wogadobeanalytics.sc.omtrdc.net console-flex-api.ap.sabio.cloud console.apac.sabio.cloud; script-src www.google.com connect.facebook.net platform.twitter.com www.youtube.com *.dsta-stg-upgrade.xtrdev.info ajax.googleapis.com www.google-analytics.com www.adobetag.com assets.adobedtm.com cse.google.com va.ecitizen.gov.sg *.dcube.cloud www.googletagmanager.com console-flex-api.ap.sabio.cloud *.instagram.com https://assets.wogaa.sg console.apac.sabio.cloud webchat.vica.gov.sg *.gstatic.com/recaptcha/ *.google.com/recaptcha/ cdn.jsdelivr.net/ 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src www.google.com *.dsta-stg-upgrade.xtrdev.info fonts.googleapis.com va.ecitizen.gov.sg assets.dcube.cloud use.fontawesome.com console-flex-api.ap.sabio.cloud assets.wogaa.sg console.apac.sabio.cloud 'unsafe-inline' webchat.vica.gov.sg cdn.jsdelivr.net/ 'self' web-chat.nativechat.com; img-src data: blob: *.dsta-stg-upgrade.xtrdev.info ssl.gstatic.com clients1.google.com/generate_204 www.googleapis.com/generate_204 www.google.com *.gstatic.com/images www.google-analytics.com stats.g.doubleclick.net omnitureengineering.d1.sc.omtrdc.net cm.everesttech.net wogadobeanalytics.sc.omtrdc.net dpm.demdex.net va.ecitizen.gov.sg *.xx.fbcdn.net *.cdninstagram.com console-flex-api.ap.sabio.cloud 'self' *.stg.cwp2.sg *.localdev.info console.apac.sabio.cloud bucket-common.vica.gov.sg web-chat.nativechat.com; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data: *.dsta-stg-upgrade.xtrdev.info fonts.googleapis.com va.ecitizen.gov.sg s3-us-west-2.amazonaws.com assets.dcube.cloud use.fontawesome.com; media-src 'self' data: blob:; connect-src 'self' cdn.plyr.io *.dsta-stg-upgrade.xtrdev.info wogadobeanalytics.sc.omtrdc.net dpm.demdex.net va.ecitizen.gov.sg *.dcube.cloud www.google-analytics.com stats.g.doubleclick.net console-flex-api.ap.sabio.cloud *.wogaa.sg console.apac.sabio.cloud chat.vica.gov.sg autocomplete.vica.gov.sg wss://chat.vica.gov.sg; frame-src www.facebook.com web.facebook.com platform.twitter.com www.youtube.com *.dsta-stg-upgrade.xtrdev.info cse.google.com tools.onemap.sg fast.wogaa.demdex.net www.onemap.sg form.gov.sg www.onemap.gov.sg *.facebook.com *.instagram.com *.google.com 'self' web-chat.nativechat.com; child-src www.facebook.com web.facebook.com platform.twitter.com www.youtube.com *.dsta-stg-upgrade.xtrdev.info cse.google.com tools.onemap.sg fast.wogaa.demdex.net www.onemap.sg form.gov.sg www.onemap.gov.sg *.facebook.com *.instagram.com 'self' web-chat.nativechat.com |
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |
| Cache-Control | no-cache |
| Expires | -1 |
| Referrer-Policy | no-referrer-when-downgrade |
| Connection | keep-alive |
| Date | Thu, 17 Apr 2025 03:25:38 GMT |
| X-Cache | Miss from cloudfront |
| X-Amz-Cf-Pop | AMS58-P1 |
| Content-Type | text/html; charset=utf-8 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Amz-Cf-Id | PSsmRoE3eMEx9gGLmamYNmyHytrDX3fKJ7F7wON2cTeQrGt9reG8WQ== |
| Vary | Origin |
| Pragma | no-cache |
| X-Xss-Protection | 1; mode=block |
| Via | 1.1 1fb7ef67aaeb45ceb86b21babb0ba848.cloudfront.net (CloudFront) |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar