HTTP Headers report for hqhair.com

Header Name	Header Data
HTTP status code	200
X-Served-By	cache-lon420137-LON, cache-lon420140-LON, cache-ams21063-AMS
Vary	accept-encoding
Strict-Transport-Security	max-age=31557600
Connection	keep-alive
Content-Type	text/html;charset=UTF-8
Accept-Ranges	bytes
Cache-Control	private, max-age=0, no-cache, no-store, must-revalidate
X-Cache	MISS, MISS, MISS
Pragma	no-cache
Content-Security-Policy	child-src 'self' https://www.googletagmanager.com https://.liveperson.net https://cdn.appdynamics.com https://.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://.google.com https://widget.trustpilot.com https://.doubleclick.net https://smct.co https://.smct.co https://smct.io https://.smct.io https://d2d7do8qaecbru.cloudfront.net https://.ringcentral.com https://hcaptcha.com https://.hcaptcha.com https://www.youtube.com https://www.zenaps.com https://.criteo.com https://static.criteo.net https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://wb.messengerpeople.com https://.recaptcha.net https://vars.hotjar.com https://.akamaihd.net https://.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://.thcdn.com https://.ingest.sentry.io https://.pingdom.net https://.doubleclick.net https://.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://.google.com https://.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://.liveperson.net https://.liveperson.net https://.lpsnmedia.net https://smct.co https://.smct.co https://smct.io https://.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://.ringcentral.com wss://.ringcentral.com https://hcaptcha.com https://.hcaptcha.com https://beacon.rum.dynapis.com https://services.postcodeanywhere.co.uk https://.akamaihd.net https://.sciencebehindecommerce.com https://vc.hotjar.io https://.hotjar.com wss://.hotjar.com https://.googleapis.com https://.trustpilot.com https://.pinterest.com https://.doubleclick.net https://.bing.com https://connect.facebook.net https://.baidu.com https://.parcellab.com https://.contentsquare.net https://.criteo.com; font-src 'self' data: https://.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://.ringcentral.com; form-action 'self' https://www.facebook.com https://www.hqhair.com https://m.hqhair.com https://checkout.hqhair.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://.lpsnmedia.net https://.doubleclick.net https://www.google-analytics.com https://.google.com https://cx.atdmt.com https://www.zenaps.com https://.ringcentral.com https:; object-src 'self' https://.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://.thcdn.com https://.thehut.net https://rum-static.pingdom.net https://.liveperson.net https://.lpsnmedia.net https://.doubleclick.net https://static.cdn-apple.com https://.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://.smct.co https://smct.io https://.smct.io https://.ringcentral.com https://hcaptcha.com https://.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://.google.com https://connect.facebook.net https://.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://.criteo.com https://static.criteo.net https://dyn-beacon.akamaized.net https://ln-rules.rewardstyle.com https://.recaptcha.net https://.akamaihd.net https://.sciencebehindecommerce.com https://www.gstatic.cn https://.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://.microsofttranslator.com https://google.com https://.trustpilot.com https://.translate.naver.net https://.doubleclick.net https://.google-analytics.com https://.baidu.com https://sc-static.net https://.google.co.uk https://google.co.uk https://.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://.thcdn.com https://.google.com https://.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://.lpsnmedia.net https://.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://.ringcentral.com https://hcaptcha.com https://.hcaptcha.com https://.shoplooks.com https://.googleapis.com https://.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint
X-Frame-Options	SAMEORIGIN
Set-Cookie	JSESSIONID=7D7463E55D806EF20287BB8B483EC52F; Path=/; Secure; HttpOnly; SameSite=Lax
Referrer-Policy	unsafe-url
Date	Mon, 07 Apr 2025 18:25:14 GMT
Alt-Svc	h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
X-Timer	S1744050315.898978,VS0,VE14
Expires	Thu, 01 Jan 1970 00:00:00 GMT
X-Content-Type-Options	nosniff
Via	1.1 varnish, 1.1 varnish, 1.1 varnish
Report-To	{"group":"report-endpoint","max_age":86400,"endpoints":[{"url":"https://csp.thehut.net/cspReport.txt","priority":1,"weight":1}],"include_subdomains":true}
X-Cache-Hits	0, 0, 0

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar