| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Cross-Origin-Opener-Policy | same-origin |
| Cross-Origin-Resource-Policy | same-origin |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| X-Xss-Protection | 0 |
| Vary | accept-encoding |
| Date | Sun, 20 Apr 2025 00:31:40 GMT |
| Cache-Control | private, no-cache, no-store, max-age=0, must-revalidate |
| X-Frame-Options | DENY |
| X-Amz-Cf-Id | Dt_TIB8bnhR2DOc_PXFbVZmyuSJ7rr5UKfpvAOAjs4qpb2U1vF-FHA== |
| Connection | keep-alive |
| Origin-Agent-Cluster | ?1 |
| X-Content-Type-Options | nosniff |
| X-Dns-Prefetch-Control | off |
| Etag | W/"z26kygjiij7p7v" |
| X-Amz-Cf-Pop | DUS51-P3 |
| Via | 1.1 5d0912c35e9204f7d29389a532977880.cloudfront.net (CloudFront) |
| Content-Type | text/html; charset=utf-8 |
| Content-Security-Policy | connect-src 'self' *.adyen.com *.adroll.com *.amazonaws.com *.clarity.ms *.doubleclick.net *.equinox.com *.google.com *.googlesyndication.com *.mapbox.com *.onetrust.com *.my.site.com *.my.salesforce-scrt.com *.netomi.com *.snapchat.com *.splashthat.com *.vf.force.com *.visualwebsiteoptimizer.com *.mosopay.com analytics.google.com analytics.tiktok.com api.ipify.org api.ipstack.com app.vwo.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io dpm.demdex.net equinox.attn.tv equinox-elastic-monitoring.apm.us-east-1.aws.found.io equinox-production.apm.us-east-1.aws.found.io equinoxfitnessclubs.tt.omtrdc.net events.attentivemobile.com google.com ipv4.icanhazip.com maps.googleapis.com sdk.iad-03.braze.com us-central1-adaptive-growth.cloudfunctions.net wss://*.amazonaws.com www.facebook.com www.google.co.in www.google.co.uk www.google.com.ph www.google-analytics.com www.googletagmanager.com;default-src 'self';font-src 'self' *.netomi.com data: assets.cdn-equinox.com use.fontawesome.com use.typekit.net;form-action 'self' *.adyen.com *.equinox.com *.my.site.com *.my.salesforce-scrt.com *.vf.force.com equinox-spa.com www.facebook.com;frame-ancestors 'self' *.salesforce.com app.contentful.com;frame-src 'self' *.adsrvr.org *.adyen.com *.doubleclick.net *.my.site.com *.my.salesforce-scrt.com *.onetrust.com *.salesforce.com *.snapchat.com *.vf.force.com *.visualwebsiteoptimizer.com *.youtube.com app.vwo.com equinox.demdex.net open.spotify.com s.tiled.co www.facebook.com youtu.be;img-src 'self' data: *.adroll.com *.adsrvr.org *.adyen.com *.amazonaws.com *.bing.com *.clarity.ms *.ctfassets.net *.doubleclick.net *.equinox.com *.liadm.com *.linkedin.com *.my.site.com *.my.salesforce-scrt.com *.netomi.com *.pubmatic.com *.vf.force.com *.visualwebsiteoptimizer.com ads.resetsrv.com ads.scorecardresearch.com app.vwo.com assets.cdn-equinox.com beacon.krxd.net braze-images.com cdn.cookielaw.org cm.everesttech.net connect.facebook.net cw.addthis.com data02.digiseg.net dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com eb2.3lift.com eqxwebdev.112.2o7.net fei.pro-market.net he.lijit.com ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com maps.googleapis.com maps.gstatic.com media.cdn-equinox.com meta.resetdigital.co pippio.com pixel.rubiconproject.com px.steelhousemedia.com s.thebrighttag.com secure.adnxs.com segments.company-target.com sync.outbrain.com sync.resetdigital.co sync.taboola.com sync2.resetdigital.co tags.bluekai.com trkn.us ups.analytics.yahoo.com us-u.openx.net useruploads.vwo.io usermatch.krxd.net www.facebook.com www.google.co.in www.google.co.uk www.google.com www.google.com.ph www.google-analytics.com www.googletagmanager.com x.bidswitch.net;media-src 'self' data: videos.ctfassets.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.adyen.com *.doubleclick.net *.mapbox.com *.mountain.com *.netomi.com *.salesforce.com *.salesforceliveagent.com *.my.site.com *.my.salesforce-scrt.com *.snapchat.com *.vf.force.com *.visualwebsiteoptimizer.com a1.adform.net acdn.adnxs.com analytics.tiktok.com app.vwo.com assets.adobedtm.com bat.bing.com cdn.attn.tv cdn.cookielaw.org cdn.pdst.fm connect.facebook.net js.adsrvr.org maps.googleapis.com meta.resetdigital.co sc-static.net secure.adnxs.com snap.licdn.com s2.adform.net www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.mapbox.com *.my.site.com *.my.salesforce-scrt.com *.netomi.com *.salesforce.com *.vf.force.com *.visualwebsiteoptimizer.com app.vwo.com p.typekit.net service.force.com use.fontawesome.com use.typekit.net;upgrade-insecure-requests;worker-src 'self' blob:;base-uri 'self';object-src 'none';script-src-attr 'none' |
| Referrer-Policy | same-origin |
| X-Download-Options | noopen |
| X-Permitted-Cross-Domain-Policies | none |
| X-Cache | Miss from cloudfront |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar