| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Connection | keep-alive |
| Server | nginx |
| Rtss | fitch_ratings-*-21 |
| X-Frame-Options | SAMEORIGIN |
| X-Amz-Cf-Id | 73HpM5XmNZZgA1Ttg9sHyQu7uOJRkj92_t7WV73-3YeLRtqKqb4zZw== |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Content-Type-Options | nosniff |
| X-Amz-Cf-Pop | AMS1-P3 |
| Date | Mon, 05 May 2025 13:49:41 GMT |
| X-Powered-By | PHP/8.1.30 |
| Vary | Cookie,Accept-Encoding |
| X-Xss-Protection | 1; mode=block |
| X-Cache | Miss from cloudfront |
| Via | 1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront) |
| Content-Type | text/html; charset=UTF-8 |
| Pragma | no-cache |
| Cache-Control | private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate |
| Content-Language | en |
| Expires | Mon, 04 Nov 2024 02:04:07 GMT |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Content-Security-Policy | default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: assets.adobedtm.com dpm.demdex.net edge.adobedc.net ajax.googleapis.com ajax.aspnetcdn.com *.doubleclick.net td.doubleclick.net *.td.doubleclick.net *.fitchsolutions.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.ampproject.org app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com *.googletagmanager.com players.brightcove.net *.google-analytics.com *.analytics.google.com analytics.google.com *.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com *.clearbitscripts.com *.clearbit.com *.clearbitjs.com fx.fitchgroup.co; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com *.googletagmanager.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net; object-src 'none'; frame-src 'self' *.fitchsolutions.com *.doubleclick.net *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net *.td.doubleclick.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com *.evidon.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.co.uk *.fitchsolutions.com metrics.brightcove.com *.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co *.google-analytics.com *.analytics.google.com www.google.com www.google.co td.doubleclick.net *.td.doubleclick.net www.google.co.uk www.google.com.sg; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net *.google-analytics.com *.analytics.google.com; connect-src 'self' blob: assets.adobedtm.com dpm.demdex.net edge.adobedc.net *.fitchsolutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io notify.bugsnag.com *.clearbit.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.clearbit.com *.linkedin.oribi.io td.doubleclick.net *.td.doubleclick.net *.google.com px.ads.linkedin.com |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar