| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Access-Control-Allow-Headers | Content-Type, Authorization,X-Requested-With |
| Content-Security-Policy | upgrade-insecure-requests; script-src 'self' *.harborfreight.com cnstrc.com widgets.turnto.com www.redditstatic.com ads.nextdoor.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net cdn.mxpnl.com s.trackonomics.net client.px-cloud.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net tpc.googlesyndication.com ygscdn.azureedge.net analytics.tiktok.com login-ds.dotomi.com login.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com track.sv.rkdms.com images.securedvisit.com tr2.smarterhq.io members.cj.com cj.com cdn.480app.com cdn.cookielaw.org view.publitas.com pixel.mathtag.com *.cdn-net.com *.accdab.net *.dynamicyield.com *.oracleinfinity.io *.googletagmanager.com bat.bing.com www.youtube.com s.ytimg.com *.bing.com *.vimeo.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net px.owneriq.net *.res-x.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.doubleclick.net *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com *.wandzcdn.com *.wandzapi.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harborfreight.com www.googletagmanager.com rwww.bing.com www.bing.com r.bing.com members.cj.com cj.com *.dynamicyield.com *.googleapis.com *.akamaihd.net *.turnto.com *.vimeo.com *.fontawesome.com tagmanager.google.com 'unsafe-inline'; img-src 'self' blob: data: alb.reddit.com icon.parcellab.com cdn.parcellab.com ad.doubleclick.net flask.nextdoor.com pippio.com www.bing.com r.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net region1.google-analytics.com region1.analytics.google.com login.dotomi.com 805793671.privacysandbox.googleadservices.com crrecommendedmark.org analytics.tiktok.com 10563850.fls.doubleclick.net login-ds.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com track.sv.rkdms.com images.securedvisit.com *.cdnwidget.com tr2.smarterhq.io cdn.cookielaw.org cdn.dynamicyield.com *.harborfreight.com pixel.mathtag.com *.oracleinfinity.io *.googletagmanager.com cx.atdmt.com www.googleadservices.com bat.bing.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net images.turnto.com *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com *.marinsm.com cdn.ywxi.net; worker-src blob: 'self' *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net *.akamaihd.net player.vimeo.com www.google.com *.youtube.com youtube.com *.cloudinary.com *.facebook.com *.nr-data.net *.apply2jobs.com; connect-src 'self' *.harborfreight.com ac.cnstrc.com images.turnto.com cdn-ws.turnto.com ws.turnto.com we.turnto.com hft-prod.actioniq.mr-in.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com *.brsrvr.com www.googletagmanager.com analytics.pangle-ads.com pagead2.googlesyndication.com direct-collect.dy-api.com gs.nmgassets.com *.px-client.net privacyportal-harborfreight.my.onetrust.com s.tracknomics.net *.px-cdn.net *.px-cloud.net *.pxchk.net t.ssl.ak.tiles.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net www.bing.com region1.google-analytics.com region1.analytics.google.com ascpqnj-oam.global.ssl.fastly.net maps.googleapis.com analytics.google.com crrecommendedmark.org analytics.tiktok.com *.cdnwidget.com *.cdnbasket.net tr2.smarterhq.io pixel.mathtag.com privacyportal.onetrust.com cdn.cookielaw.org *.accdab.net *.dynamicyield.com www.facebook.com *.nmgplatform.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net vimeo.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com bat.bing.com *.wandzcdn.com *.wandzapi.com |
| X-Cache | MISS |
| Date | Mon, 07 Apr 2025 14:22:47 GMT |
| Set-Cookie | _pxhd=ae9111b5eb65037b8e57f07becd198ccb22bcc268dc9fad23ad578e105b55a05:c74b7174-13bb-11f0-8958-5ff6430305ed; Max-Age=31536000; path=/; SameSite=Lax |
| Access-Control-Allow-Credentials | true |
| Access-Control-Allow-Origin | https://www.harborfreight.com |
| Vary | Origin |
| Content-Length | 5645 |
| Retry-After | 0 |
| Accept-Ranges | bytes |
| X-Served-By | cache-ams2100127-AMS |
| X-Cache-Hits | 0 |
| Access-Control-Allow-Methods | GET,HEAD,POST,OPTIONS |
| Content-Type | text/html |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar