Header Name | Header Data |
---|---|
HTTP status code | 200 |
Vary | Accept-Encoding |
X-Cache | HIT, MISS |
Connection | keep-alive |
Content-Security-Policy | frame-ancestors 'self'; |
X-Clean-Url | / |
X-Cache-Hits | 0, 0 |
Age | 2257 |
Access-Control-Allow-Origin | * |
Cache-Control | max-age=900, stale-while-revalidate=7200 |
Accept-Ch | ECT |
X-Timer | S1744941355.002733,VS0,VE1 |
Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=FbQNRzRqM_1Q.0f3g5twmLRHdUDG_bH.xA5z1ddopno-1744941355-1.0.1.1-4ywNJ7ulRY1m.81gP4EY.6O4NZLFp3b4OvQHS2YSPjoaBqGMD_0zR8cSGRDR.rNzRkG_9qV2pTuEFfKL4QkRAhKGjL7avtqgXM421Yi8INnHB.ZaWp33l32k6v39zyPq9CqaW6CZg.STede1W1KBqJTEvN00y6CI0lmpyFICCWEOjVu4fq1xIIgA2E3NacakrdKDj_QJUxgEToWDDGVhSA"}],"group":"cf-vzincyrcbrxpgswd","max_age":86400} |
Cf-Ray | 93208aec5a39d8d0-AMS |
X-Restarts | 0 |
X-Original-Host | www.hims.com |
Set-Cookie | nginx_cache=HIT-STALE-CLUSTER |
Date | Fri, 18 Apr 2025 01:55:55 GMT |
Accept-Ch-Lifetime | 86400 |
X-Served-By | cache-rtm-ehrd2290030-RTM |
Server | cloudflare |
Via | 1.1 varnish, 1.1 varnish |
Referrer-Policy | strict-origin-when-cross-origin |
X-Content-Type-Options | nosniff |
Cf-Cache-Status | DYNAMIC |
Content-Security-Policy-Report-Only | base-uri 'self'; connect-src 'self' amplitude.com *.amplitude.com appboycdn.com *.appboycdn.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com auth0.com *.auth0.com stripe.com *.stripe.com transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com us-central1-clubroom-prod.cloudfunctions.net *.us-central1-clubroom-prod.cloudfunctions.net hotjar.com *.hotjar.com google-analytics.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.google.com google.com braze.com *.braze.com api.pwnedpasswords.com hims.com *.hims.com *.unpkg.com unpkg.com api.yotpo.com forhims.com cloudinary.forhims.com messaging-rest-staging.forhims.com api.forhims.com vc.hotjar.io wss://ws.hotjar.com cdn.jsdelivr.net maps.googleapis.com translate-pa.googleapis.com *.googlesyndication.com https://www.google.com:443/ccm/collect https://www.google.com/ccm/collect www.googletagmanager.com https://www.google.com translate.googleapis.com clientstream.launchdarkly.com global.vss.twilio.com; default-src 'none'; font-src 'self' gstatic.com *.gstatic.com jsdelivr.net *.jsdelivr.net use.fontawesome.com *.hims.dev data: cdn.ivaws.com cdn.honey.io static.rakuten.com; form-action 'self'; frame-src 'self' youtube.com *.youtube.com stripe.com *.stripe.com auth0.com *.auth0.com googletagmanager.com *.googletagmanager.com tm.hims.com *.tm.hims.com google.com *.google.com *.adyen.com td.doubleclick.net forhims.atlassian.net; img-src 'self' blob: data: amplitude.com *.amplitude.com appboycdn.com *.appboycdn.com atlassian.net *.atlassian.net aws-us-east-prod-web-assets.s3.amazonaws.com *.aws-us-east-prod-web-assets.s3.amazonaws.com braze.com *.braze.com cloudflare.com *.cloudflare.com d3e54v103j8qbb.cloudfront.net *.d3e54v103j8qbb.cloudfront.net facebook.net *.facebook.net forhims.com *.forhims.com google.com *.google.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com hims.com *.hims.com hotjar.com *.hotjar.com jsdelivr.net *.jsdelivr.net transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com unpkg.com *.unpkg.com yotpo.com *.yotpo.com youtube.com *.youtube.com static.legitscript.com *.googleadservices.com sslwidget.criteo.com tr.snapchat.com analytics.twitter.com t.co ct.pinterest.com alb.reddit.com g.doubleclick.net bat.bing.com mgln.ai www.facebook.com googleads.g.doubleclick.net cdn.buttercms.com insight.adsrvr.org tags.srv.stackadapt.com bh.contextweb.com ad.ipredictive.com cm.g.doubleclick.net res.cloudinary.com i.ytimg.com https://insight.adsrvr.org/track/pxl/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/828688373/ www.googleadservices.com *.www.googleadservices.com r.casalemedia.com x.bidswitch.net; manifest-src www.hims.com; media-src 'self' blob:; object-src 'none'; script-src 'self' amplitude.com *.amplitude.com appboycdn.com *.appboycdn.com atlassian.net *.atlassian.net auth0.com *.auth0.com aws-us-east-prod-web-assets.s3.amazonaws.com *.aws-us-east-prod-web-assets.s3.amazonaws.com braze.com *.braze.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com cloudflare.com *.cloudflare.com d3e54v103j8qbb.cloudfront.net *.d3e54v103j8qbb.cloudfront.net facebook.net *.facebook.net forhims.com *.forhims.com google.com *.google.com googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com hims.com *.hims.com hotjar.com *.hotjar.com jquery.com *.jquery.com jsdelivr.net *.jsdelivr.net maps.googleapis.com *.maps.googleapis.com twilio.com *.twilio.com transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com stripe.com *.stripe.com unpkg.com *.unpkg.com us-central1-clubroom-prod.cloudfunctions.net *.us-central1-clubroom-prod.cloudfunctions.net yotpo.com *.yotpo.com youtube.com *.youtube.com 'unsafe-eval' 'unsafe-inline' checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com blob:; style-src 'self' 'unsafe-inline' jsdelivr.net *.jsdelivr.net googleapis.com *.googleapis.com transcend-cdn.com use.fontawesome.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=FbQNRzRqM_1Q.0f3g5twmLRHdUDG_bH.xA5z1ddopno-1744941355-1.0.1.1-4ywNJ7ulRY1m.81gP4EY.6O4NZLFp3b4OvQHS2YSPjoaBqGMD_0zR8cSGRDR.rNzRkG_9qV2pTuEFfKL4QkRAhKGjL7avtqgXM421Yi8INnHB.ZaWp33l32k6v39zyPq9CqaW6CZg.STede1W1KBqJTEvN00y6CI0lmpyFICCWEOjVu4fq1xIIgA2E3NacakrdKDj_QJUxgEToWDDGVhSA; report-to cf-vzincyrcbrxpgswd |
Content-Type | text/html; charset=utf-8 |
Link | <https://www.googletagmanager.com>; rel="preconnect", <https://api.amplitude.com>; rel="preconnect", <https://cdn.amplitude.com>; rel="preconnect" |
X-Store-Render-Method | sync |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.