HTTP Headers report for elle.com

Header Name	Header Data
HTTP status code	200
Content-Security-Policy	upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self';
X-Content-Type-Options	nosniff
Set-Cookie	mosb=; expires=Mon, 08 Apr 2024 11:36:37 GMT; secure; path=/;
Connection	keep-alive
X-Cache	HIT, HIT
Server-Timing	time-start-msec;dur=1744112197974,time-elapsed;dur=6,fastly-pop;desc=AMS,hit-state;desc=HIT-CLUSTER
X-Country	NL
Alt-Svc	h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Expires	Tue, 08 Apr 2025 11:18:58 GMT
Content-Type	text/html; charset=utf-8
Link	<https://hips.hearstapps.com>; rel=preconnect,<https://cdn.cookielaw.org>; rel=preconnect
X-Xss-Protection	1; mode=block
X-Robots-Tag	all
Age	1059
Strict-Transport-Security	max-age=31557600; includeSubDomains
Cache-Control	max-age=0, must-revalidate, no-store, private
Referrer-Policy	no-referrer-when-downgrade
Accept-Ranges	bytes
Date	Tue, 08 Apr 2025 11:36:37 GMT
Etag	"6vfiqsgl4z89ou"

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar