| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Cache | Miss from cloudfront |
| Via | 1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront) |
| X-Amz-Cf-Pop | AMS58-P6 |
| Strict-Transport-Security | max-age=31536000; includeSubdomains |
| Accept-Ranges | bytes |
| X-Content-Type-Options | nosniff |
| Connection | keep-alive |
| Last-Modified | Tue, 08 Apr 2025 02:08:31 GMT |
| Vary | Accept-Encoding |
| Date | Tue, 08 Apr 2025 14:30:20 GMT |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
| X-Amz-Cf-Id | Wt9XaaukOEFrJju4eO0mdbZ1iV3ZBEKIJ21eLyoR7wJ0lBK3MlLILQ== |
| Content-Type | text/html; charset=utf-8 |
| Server | Apache |
| Content-Security-Policy | default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae *.hsbc.com.hk:* *.hsbc.com.au *.veda.com.au *.widgetworks.com.au *.infochoice.com.au geocoderweb.veda.com.au *.member-hsbc-group.com *.licdn.com *.trkd-hs.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net tags.tiqcdn.com lpcdn.lpsnmedia.net cdn.optimizely.com lptag.liveperson.net accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com s.yimg.com bat.bing.com *.ebanking.hsbc.com.hk cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com services.postcodeanywhere.co.uk *.googlesyndication.com *.g.doubleclick.net *.google-analytics.com tpc.googlesyndication.com www.google.com api.addressy.com; img-src data: * android-webview-video-poster: android-webview: blob:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.hsbc.com.au *.veda.com.au wss://*.hsbc.com *.hsbc.com.hk:* *.onfido.com *.hsbc.com *.biocatch.com *.amazonaws.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com manifest.prod.boltdns.net www.google.com www.facebook.com maps.googleapis.com ad.doubleclick.net www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com akamai.tiqcdn.com www.google.com.au www.hsbc.com.au col.eum-appdynamics.com *.tt.omtrdc.net rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn.linkedin.oribi.io translate.googleapis.com *.dbankcloud.com *.liveperson.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com cdnbc-wup.hsbc.com.au cdnbc-logs.hsbc.com.au image.apacdms.uat.ironmountain.com image.apacdms.ironmountain.com *.ironmountain.com *.googletagmanager.com *.facebook.com *.google.com *.doubleclick.net *.google-analytics.com *.analytics.google.com *.g.doubleclick.net services.postcodeanywhere.co.uk api.addressy.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.hsbc.com.au *.bankstatements.com.au *.infochoice.com.au *.widgetworks.com.au *.trkd-hs.com *.googletagmanager.com www.facebook.com connect.facebook.net td.doubleclick.net *.demdex.net 8709841.fls.doubleclick.net *.ebanking.hsbc.com.hk *.hsbc.com.hk *.cdn.optimizely.com gateway.zscloud.net gateway.zscalertwo.net google.com gateway.zscaler.net analytics.tiktok.com h.online-metrix.net cdntm.hsbc.com.au cdnbc-wup.hsbc.com.au cdnbc-logs.hsbc.com.au *.online-metrix.net *.facebook.com bid.g.doubleclick.net bankstatements.com.au; frame-ancestors 'self' www.hsbc.com.au; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.au fonts.gstatic.com at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob: *.hsbc.com.au; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.au *.infochoice.com.au www.googletagmanager.com *.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com manifest.prod.boltdns.net *.lpsnmedia.net; manifest-src 'self' www.hsbc.com.au *.hsbc.com.au; upgrade-insecure-requests ; report-uri /csp/report; |
| S | dispatcher3apsoutheast1-b80 |
| Cache-Control | max-age=60, s-maxage=60, stale-if-error=3600 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar