HTTP Headers report for garp.org

Header Name	Header Data
HTTP status code	200
X-Evy-Trace-Route-Service-Name	envoyset-translator
Connection	keep-alive
Cf-Ray	931703412e11bd9c-AMS
Content-Security-Policy-Report-Only	default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' .googletagmanager.com kit.fontawesome.com .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net www.garp.org .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com; style-src 'self' 'unsafe-inline' .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com .hubspot.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net cdn2.hubspot.net .hsforms.net .hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' .google.com .googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net .vidyard.com .fontawesome.com content.hotjar.io .hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io .hubapi.com js.hscta.net .hubspot.com .hs-banner.com .hscollectedforms.net .hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com .hubspot.com .hs-sites.com .hubspot.net play.hubspotvideo.com www.garp.org .hsforms.net .hsforms.com .googletagmanager.com .twitter.com .facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/;
Cf-Cache-Status	EXPIRED
Vary	origin, Accept-Encoding
Alt-Svc	h3=":443"; ma=86400
Cache-Control	s-maxage=5,max-age=5
X-Evy-Trace-Virtual-Host	all
X-Frame-Options	sameorigin
X-Hubspot-Correlation-Id	e4dfc409-b589-42bb-bf5c-2ed2aaee9aeb
Server	cloudflare
Content-Type	text/html;charset=utf-8
X-Evy-Trace-Served-By-Pod	iad02/cms-20-29-td/envoy-proxy-668dc6dd5d-76p7f
X-Hubspot-Notfound	true
Nel	{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
X-Hs-Reason	No view mapper found to handle request
Date	Wed, 16 Apr 2025 22:10:26 GMT
Content-Security-Policy	default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' .googletagmanager.com kit.fontawesome.com .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net www.garp.org .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com 'strict-dynamic' 'nonce-sBIqnBTABsRTQ0ThFCI7ng=='; style-src 'self' 'unsafe-inline' .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com .hubspot.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net cdn2.hubspot.net .hsforms.net .hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' .google.com .googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net .vidyard.com .fontawesome.com content.hotjar.io .hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io .hubapi.com js.hscta.net .hubspot.com .hs-banner.com .hscollectedforms.net .hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com .hubspot.com .hs-sites.com .hubspot.net play.hubspotvideo.com www.garp.org .hsforms.net .hsforms.com .googletagmanager.com .twitter.com .facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Evy-Trace-Listener	listener_https
X-Envoy-Upstream-Service-Time	157
X-Evy-Trace-Route-Configuration	listener_https/all
X-Request-Id	e4dfc409-b589-42bb-bf5c-2ed2aaee9aeb
X-Xss-Protection	1
Report-To	{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0FDoxgNOqKO%2FLDyP9pQmuoQCbTNMXFIQEY8ifdzm%2FZfv8tffxgxASBkFrmSv70IlC%2FJyJv7JD0RstaSjwOfAU336sa1PphBqjQCi8r0ouX7lJX%2FR1F1Ppik"}],"group":"cf-nel","max_age":604800}
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Credentials	false

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar