HTTP Headers report for foreverliving.com

Header Name	Header Data
HTTP status code	200
Vary	origin,accept-encoding
X-Oneagent-Js-Injection	true
Cache-Control	no-cache, no-store, must-revalidate
Expires	Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block
Set-Cookie	GEOLOCATION=NLD\|52.349998474121094\|4.916999816894531; Domain=foreverliving.com; Path=/; Secure; HttpOnly
Content-Language	en-US
Date	Tue, 08 Apr 2025 03:21:00 GMT
Server	nginx
X-Content-Type-Options	nosniff
Content-Security-Policy	default-src 'self' blob:; img-src 'self' .ecpay.com.tw .boxcdn.net .maropost.com .amazonaws.com .adyen.com .cloudfront.net .userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com .ytimg.com .livehelpnow.net .pcdn.co .sharethis.com .contentsquare.net .content-square.fr .contentsquare.com .googleapis.com .s3.us-east-1.amazonaws.com .s3.us-east-2.amazonaws.com .gstatic.com .clicktale.net pixy.org .chargebee.com .nextsphere.com .ppipe.net .myecheck.com .oppwa.com .flptitan.com .foreverliving.com .flpi.com foreverliving.com seeklogo.com stats.g.doubleclick.net .google.com www.google.com.sg data: www.google.co.in .vimeocdn.com .youtube.com .s3.amazonaws.com x1.xingassets.com blob: oppwa.com .google-analytics.com s3-us-west-2.amazonaws.com .facebook.com .googletagmanager.com .boxcloud.com app.tlinky.com .fedex.com tile.openstreetmap.org .google.co.uk sp.tinymce.com .tinymce.com .google.ie ecpg-stage.ecpay.com.tw widgets.trustedshops.com .google.com.mm; script-src 'self' .ecpay.com.tw .userlike.com .cdn01.boxcdn.net api.smooch.io .adyen.com .nexiopay.com .cdn.jsdelivr.net .jsdelivr.net .amazonaws.com .worldpay.com .cloudfront.net .mgipayments.com .boxcdn.net .boxcloud.com .box.com .s3-eu-west-1.amazonaws.com .payvision.com .siteprerender.com siteprerender.com .google.com .mgr.consensu.org .livehelpnow.net .contentsquare.net .content-square.fr .contentsquare.com .sharethis.com walls.io .facebook.net .cdn-javascript.net cdn-javascript.net x-apple-ql-id .static-resource.com static-resource.com flpqa.com flp.com flp360.social .flpqa.com .flp.com .flp360.social .clicksapp.net clicksapp.net .s3.us-east-1.amazonaws.com .clicktale.net .chargebee.com .authorize.net .ppipe.net www.youtube.com .oppwa.com .s3-us-west-2.amazonaws.com .myecheck.com .googleapis.com .flptitan.com foreverliving.com .foreverliving.com .flpi.com .cloudflare.com .bootstrapcdn.com .s3.amazonaws.com .dropbox.com .nextsphere.com www.googletagmanager.com .google-analytics.com blob: .gstatic.com test.acaptureservices.com .clicksafe.lloydstsb.com oppwa.com acaptureservices.com consent.cookiefirst.com dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net cdn.tiny.cloud .paypal.com .b-cdn.net ecpg-stage.ecpay.com.tw js.hs-scripts.com clickapp.net .nexiopaysandbox.com .tiny.cloud .paypalobjects.com app.tlinky.com widgets.trustedshops.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .ecpay.com.tw .livehelpnow.net .adyen.com .cookiefirst.com .clicktale.net .chargebee.com .cdn.jsdelivr.net .contentsquare.net .content-square.fr .contentsquare.com .google-analytics.com .nextsphere.com x-apple-ql-id .s3-us-west-2.amazonaws.com .ppipe.net .typekit.net .oppwa.com .myecheck.com sp.tinymce.com .tinymce.com cdn.tiny.cloud .tiny.cloud .acaptureservices.com .flptitan.com .foreverliving.com foreverliving.com .flpi.com .google.com fonts.googleapis.com cdnjs.cloudflare.com ecpg-stage.ecpay.com.tw oppwa.com .s3.amazonaws.com maxcdn.bootstrapcdn.com app.tlinky.com .nexiopaysandbox.com .nexiopay.com .boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' .ecpay.com.tw .boxcdn.net .cdn01.boxcdn.net .nexiopay.com .box.com .cdn.jsdelivr.net .cloudfront.net .livehelpnow.net .clicktale.net .chargebee.com .nextsphere.com .ppipe.net .contentsquare.net .content-square.fr .contentsquare.com .typekit.net .myecheck.com flpqa.com flp.com flp360.social .flpqa.com .flp.com .flp360.social .bootstrapcdn.com .oppwa.com .flptitanqa.com .flptitan.com .foreverliving.com foreverliving.com .flpi.com ecpg-stage.ecpay.com.tw data: cdnjs.cloudflare.com fonts.gstatic.com .b-cdn.net .s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' wss://umd.userlike.com wss://chat.userlike.com .nexiopay.com .s3.us-east-2.amazonaws.com v2.zopim.com ekr. flp-service.zendesk.com .1drv.com .cloudfront.net .cookiefirst.com .adyen.com .userlike.com .box.com .boxcloud.com api.ipify.org .livehelpnow.net .consensu.org .vimeocdn.com cdn.tiny.cloud .tiny.cloud .contentsquare.net .content-square.fr .contentsquare.com .sharethis.com .googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com .s3.us-west-2.amazonaws.com .socialsales.io .clicktale.net sp.tinymce.com .tinymce.com .nextsphere.com .ppipe.net vimeo.com .authorize.net .myecheck.com .oppwa.com .flpi.com s3-us-west-2.amazonaws.com .s3.amazonaws.com .acaptureservices.com .s3-us-west-2.amazonaws.com .chargebee.com .google.com oppwa.com .mgipayments.com .google-analytics.com www.googletagmanager.com graph.microsoft.com google.com .worldpay.com .zdassets.com .trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com dl.dropboxusercontent.com .google.co.in youtube.com .boxcdn.net .youtube.com wss://api.smooch.io .s3-eu-west-1.amazonaws.com js.live.net connect.facebook.net js.hs-scripts.com .gstatic.com clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net .nexiopaysandbox.com .flptitan.com ecpg-stage.ecpay.com.tw tile.openstreetmap.org flptitan.com foreverliving.com app.tlinky.com .fbo.flptitan.com .foreverliving.com .fbo.foreverliving.com www.dropbox.com .ecpay.com.tw zendesk-eu.my.sentry.io data: blob:; media-src 'self' .boxcdn.net .amazonaws.com .userlike.com .flptitan.com app.tlinky.com .cloudfront.net .youtube.com .youtu.be .foreverliving.com .s3-us-west-2.amazonaws.com .s3.us-west-2.amazonaws.com blob:; frame-src 'self' .datatrans.com .mfgroup.ch .nexiopay.com .ngenius-payments.com .boxcdn.net .flpqa.com .userlike.com .adyen.com .amazonaws.com .cloudfront.net .facebook.com .mgipayments.com .livehelpnow.net .sandbox.ngenius-payments.com .acehubpaymentservices.com .contentsquare.net .content-square.fr .contentsquare.com .sharethis.com .mgr.consensu.org walls.io .chargebee.com x-apple-ql-id .youtube.com .ppipe.net .socialsales.io socialsales.io .worldpay.com .nextsphere.com vimeo.com .oppwa.com .myecheck.com .acaptureservices.com .flptitan.com .foreverliving.com .clicksafe.lloydstsb.com foreverliving.com flptitan.com .boxcloud.com .flpi.com .google.com .vimeo.com oppwa.com dl.dropboxusercontent.com graph.microsoft.com acs-public.tp.mastercard.com content.googleapis.com .nexiopaysandbox.com app.tlinky.com youtu.be youtube.com .cardinalcommerce.com; frame-ancestors 'self' .socialsales.io socialsales.io .nexiopay.com foreverliving.com .foreverliving.com .flptitan.com flptitan.com .contentsquare.net .flptitan.com:8080 .content-square.fr .contentsquare.com .chargebee.com youtu.be app.tlinky.com flpqa.com flp.com flp360.social .flpqa.com .nexiopaysandbox.com .boxcdn.net .flp.com .flp360.social vimeo.com .vimeo.com .youtube.com youtube.com .worldpay.com
Server-Timing	dtSInfo;desc="1"
Content-Type	text/html;charset=UTF-8
Connection	keep-alive
Pragma	no-cache
Access-Control-Expose-Headers	Access-Control-Allow-Origin,Access-Control-Allow-Credentials

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar