Header Name | Header Data |
---|---|
HTTP status code | 200 |
X-Varnish | 599082 596246 |
Date | Sat, 19 Apr 2025 06:53:25 GMT |
Cf-Cache-Status | DYNAMIC |
X-Content-Type-Options | nosniff |
Content-Type | text/html; charset=UTF-8 |
Vary | accept-encoding |
Pragma | no-cache |
X-Host | www.highpointscientific.com |
Server | cloudflare |
Server-Timing | cfL4;desc="?proto=TCP&rtt=863&min_rtt=795&rtt_var=270&sent=5&recv=8&lost=0&retrans=0&sent_bytes=4221&recv_bytes=1858&delivery_rate=4768386&cwnd=251&unsent_bytes=0&cid=5343d5c4fedc8355&ts=356&x=0" |
Connection | keep-alive |
Content-Security-Policy-Report-Only | font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stamped.io *.yotpo.com *.googleapis.com *.gstatic.com www.highpointscientific.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.highpointscientific.com 'self' 'unsafe-inline'; frame-ancestors www.highpointscientific.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.refersion.com *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 
www.highpointscientific.com form.123formbuilder.com s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.getbread.com *.breadpayments.com *.rbcpayplan.com maps.gstatic.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com *.cloudfront.net *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.searchspring.net *.bing.com *.zonos.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net www.highpointscientific.com kdzs54.a.searchspring.io phosphor.utils.elfsightcdn.com 
www.highpointscientific.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com static.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com https://*.helloextend.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.routeapp.io fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.refersion.com maps.googleapis.com maps.gstatic.com www.google.com 
https://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io *.searchspring.net *.bing.com *.zonos.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com www.highpointscientific.com apps.elfsight.com m.addthis.com static.elfsight.com v1.addthisedge.com www.highpointscientific.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://fonts.googleapis.com https://static.klaviyo.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stamped.io www.klarnapayments.com *.searchspring.net *.yotpo.com www.highpointscientific.com 'self' 'unsafe-inline'; object-src www.highpointscientific.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com www.highpointscientific.com 'self' 'unsafe-inline'; manifest-src www.highpointscientific.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com *.paypal.com commerce.adobedc.net 
api.comapi.com stats.g.doubleclick.net ekr.zdassets.com *.hotjar.com *.hotjar.io wss://widget-mediator.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com https://*.helloextend.com https://*.ingest.sentry.io *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.route.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.refersion.com *.authorize.net hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.klaviyo.com *.searchspring.io *.zonos.com *.yotpo.com https://imgs.signifyd.com www.highpointscientific.com apps.elfsight.com helloextend-static-assets.s3.amazonaws.com storage.elfsight.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.highpointscientific.com http: https: blob: 'self' 'unsafe-inline'; default-src www.highpointscientific.com checkout.getbread.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.highpointscientific.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; |
X-Cache-Via | varnish |
Report-To | {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"\/csp_reporter.php"}]} |
X-Cache | HIT |
X-Cache-Nxaccel | BYPASS |
X-Frame-Options | SAMEORIGIN |
X-Varnish-Age | 6720 |
Cf-Ray | 932a7c15883fe690-AMS |
Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
Expires | -1 |
X-Xss-Protection | 1; mode=block |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.