| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Amz-Cf-Pop | AMS1-C1 |
| Date | Mon, 07 Apr 2025 16:09:01 GMT |
| Server | Apache |
| Strict-Transport-Security | max-age=31536000; includeSubdomains |
| X-Xss-Protection | 1; mode=block |
| X-Cache | Miss from cloudfront |
| X-Amz-Cf-Id | 68GBWMBTRBcYz4zN-_ipSRZqz4rDoKYLnURF_VIDhc3-15_yMNoaRQ== |
| Connection | keep-alive |
| Last-Modified | Mon, 07 Apr 2025 15:14:15 GMT |
| Accept-Ranges | bytes |
| S | dispatcher3euwest1-b80 |
| X-Frame-Options | SAMEORIGIN |
| Cache-Control | max-age=60, s-maxage=60, stale-if-error=3600 |
| Via | 1.1 bdbb0d922c29917c00cfed799f55e7c2.cloudfront.net (CloudFront) |
| Content-Type | text/html; charset=utf-8 |
| Content-Security-Policy | default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com snap.licdn.com *.recaptcha.net s.yimg.com *.askus.hsbc.co.uk *.appspot.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org pixel.everesttech.net liveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.google-analytics.com www.google.com www.gstatic.cn *.hsbc.com.cn *.isstprod.hsbc.com.cn *.akamaihd.net *.tt.omtrdc.net; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net px.ads.linkedin.com *.hsbc.co.uk *.qualtrics.com *.amazonaws.com *.we-stats.com *.hsbc.com wss://*.hsbc.com *.onfido.com *.appspot.com *.facebook.com tt.omtrdc.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net http://127.0.0.1:500/* code.jquery.com *.isstprod.hsbc.com.cn *.eu.v2.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.online-metrix.net *.hsbc.com.hk *.walkme.com liveperson.com *.qualtrics.com tags.tiqcdn.com *.hsbc.co.uk *.facebook.com *.recaptcha.net bid.g.doubleclick.net cdntm.hsbc.co.uk *.akamaihd.net *.ibosscloud.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net *.hsbc.co.uk; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net *.avast.com *.alicdn.com fonts.googleapis.com *.hsbc.co.uk; worker-src 'self' blob: tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net *.liveperson.net *.optimizely.com *.walkme.com; object-src 'self' blob: players.brightcove.net; child-src 'self' *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com blob: tags.tiqcdn.com; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net *.lpsnmedia.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; |
| X-Content-Type-Options | nosniff |
| Vary | Accept-Encoding |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar