| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Disposition | inline |
| X-Vercel-Cache | HIT |
| Strict-Transport-Security | max-age=63072000 |
| X-Frame-Options | SAMEORIGIN |
| X-Vercel-Id | fra1::ppxvg-1745047457297-d6227bd4c74d |
| Access-Control-Allow-Origin | https://www.gotransit.com/ |
| Age | 90552 |
| Cache-Control | public, max-age=0, must-revalidate |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'sha256-I+yvI62KX6Z5LVtENtjL/kxF9h1ZYUggU1kDka869G0=' 'sha256-Rtjp9WRsyLj3MhvlnjNB+Q7b80U2fyLA8UDX7SxVHww=' 'sha256-r+Hrz3gg7tM7bUldj/mvD9/pNjWfRNvEHZ5xjAqMHz0=' www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com ajax.googleapis.com www.youtube.com www.instagram.com platform.instagram.com connect.facebook.net platform.twitter.com maps.googleapis.com oc-cdn-public.azureedge.net js.stripe.com js.adsrvr.org acdn.adnxs.com td.doubleclick.net fls.doubleclick.net ad.doubleclick.net static.hotjar.com insight.adsrvr.org cdn.cluepixel.com; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com oc-cdn-public.azureedge.net tagmanager.google.com www.gstatic.com; font-src 'self' fonts.cdnfonts.com *.fonts.gstatic.com fonts.gstatic.com data:; connect-src 'self' res.cloudinary.com vitals.vercel-insights.com graph.facebook.com assets.metrolinx.com https://api.gotransit.com/v2/ ae72qusyyn-dsn.algolia.net ae72qusyyn-3.algolianet.com ae72qusyyn-2.algolianet.com ae72qusyyn-1.algolianet.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com cdn.cluepixel.com ad.doubleclick.net insight.adsrvr.org; img-src 'self' res.cloudinary.com cloudinary.com assets.metrolinx.com i.ytimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleads.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com *.facebook.com data: cdn.cluepixel.com ad.doubleclick.net insight.adsrvr.org mapsresources-pa.googleapis.com; media-src 'self' blob: res.cloudinary.com assets.metrolinx.com; frame-src 'self' www.youtube.com www.google.com www.instagram.com www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com oc-cdn-public.azureedge.net *.g.doubleclick.net maps.metrolinx.com *.stripe.com fls.doubleclick.net td.doubleclick.net insight.adsrvr.org match.adsrvr.org cdn.cluepixel.com ad.doubleclick.net; frame-ancestors 'self'; form-action 'self' |
| X-Matched-Path | /en |
| Content-Type | text/html; charset=utf-8 |
| Date | Sat, 19 Apr 2025 07:24:17 GMT |
| Etag | W/"cca2cdc9cc2f65a53306ae2781d87ebe" |
| Server | Vercel |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar