| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| Set-Cookie | PHPSESSID=h445c36ntg428b2fp2c96sd73psohsgk; path=/; secure; HttpOnly |
| Referrer-Policy | origin-when-cross-origin |
| Content-Security-Policy | default-src 'self' https://bp.idmobile.co.uk media.secure-mobiles.com facebook.com google.com pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net *.inq.com *.digital.nuance.com *.contentsquare.net *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net *.optimizely.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' t.contentsquare.net app.contentsquare.com media.secure-mobiles.com googleads.g.doubleclick.net s.salecycle.com tagconv.com mpsnare.iesnare.com static.isitetv.com blob: www.googletagmanager.com www.googleadservices.com www.gstatic.com www.everestjs.net www.dwin1.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com strict-dynamic https://firehose.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://embeddable-widgets-euw1.insided.com https://embeddable-widgets.insided.com https://cdn.cookielaw.org https://widget.trustpilot.com https://cdn.co-buying.com https://acsbapp.com https://aacdn.nagich.com https://access.nagich.com https://www.googleanalytics.com https://static.cloudflareinsights.com/* *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://www.clarity.ms/* https://dixons.inq.com/* https://media-eu2.digital.nuance.com/* https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.clarity.ms/tag/uet/5223216 https://static.cloudflareinsights.com/beacon.min.js/ https://siteintercept.qualtrics.com https://www.clarity.ms/s/0.7.47/clarity.js pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net *.qualtrics.com *.feefo.com *.google-analytics.com *.zenaps.com *.doubleclick.net *.googleapis.com *.google.com *.bing.com *.krxd.net *.cloudfront.net *.reevoo.com *.facebook.net *.visualwebsiteoptimizer.com *.smct.co *.smct.io *.micpn.com *.algolia.net *.inq.com *.digital.nuance.com *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net *.roeyecdn.com *.roeye.com *.brandswap.com smct.co sgtm.idmobile.co.uk preview-sgtm.idmobile.co.uk smct.io; style-src 'self' 'unsafe-inline' media.secure-mobiles.com cdn.mark.reevoo.com mark.reevoo.com fonts.smct.co www.google-analytics.com www.googleadservices.com https://tagmanager.google.com https://access.nagich.com https://widgets.reevoo.com https://googletagmanager.com https://fonts.googleapis.com pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net *.googleapis.com *.inq.com *.digital.nuance.com *.feefo.com *.qualtrics.com *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net *.brandswap.com; frame-src 'self' bytedance sslocal settings.idmobile.co.uk cdn.krxd.net pixel.everesttech.net smct.co smct.io ls.smct.co ls.smct.io mark.reevoo.com s.salecycle.com www.everestjs.net www.googletagmanager.com www.three.co.uk www.awin1.com www.zenaps.com www.google.com www.youtube.com https://bp.idmobile.co.uk https://widget.trustpilot.com https://accounts.accessibe.com https://acsbapp.com https://dixonscarphone.qualifioapp.com https://access.nagich.com https://www.myunidays.com https://d2d7do8qaecbru.cloudfront.net/* https://td.doubleclick.net/* https://bid.g.doubleclick.net https://d2d7do8qaecbru.cloudfront.net/ https://td.doubleclick.net https://td.doubleclick.net/ bid.g.doubleclick.net pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net *.facebook.com *.fls.doubleclick.net *.inq.com *.digital.nuance.com *.cdn.optimizely.com *.cdn-pci.optimizely.com *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net *.brandswap.com; font-src 'self' data: fonts.gstatic.com mark.reevoo.com fonts.smct.co fonts.smct.io https://acsbapp.com pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net *.inq.com *.digital.nuance.com *.qualtrics.com *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net; img-src 'self' data: blob: media.secure-mobiles.com media.carphonewarehouse.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com smct.co smct.io maps.googleapis.com maps.gstatic.com translate.googleapis.com tbs.tradedoubler.com x.bidswitch.net pipe.aria.microsoft.com bot-framework.azureedge.net pa-guided.azureedge.net cci-prod-botdesigner.azureedge.net https://dpm.demdex.net https://uploads-eu-west-1.insided.com https://cdn.cookielaw.org https://web1.acsbapp.com https://access.nagich.com https://cdn.optimizely.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://lantern.roeye.com/track.php* https://c.clarity.ms/c.gif googleads.g.doubleclick.net www.googletagmanager.com www.awin1.com www.zenaps.com *.fls.doubleclick.net *.feefo.com *.isitetv.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.google.co.uk *.google.com *.facebook.com *.krxd.net *.reevoo.com *.bing.com *.doubleclick.net *.everesttech.net *.visualwebsiteoptimizer.com *.doubleclick.net *.smct.co *.smct.io *.gsmarena.com *.micpn.com *.inq.com *.digital.nuance.com *.contentsquare.net *.qualtrics.com *.directline.botframework.com *.powerva.microsoft.com *.analysis.windows.net *.omnichannelengagementhub.com *.azureedge.net *.roeye.com *.brandswap.com; connect-src 'self' i.salecycle.com ws.salecycle.com fp.zenaps.com smct.co smct.io clients6.google.com analytics.tiktok.com ads.tiktok.com analytics-ipv6.tiktokw.us stats.g.doubleclick.net https://firehose.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://conversational-eu-west-1.api.insided.com https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://bp.idmobile.co.uk https://cdn.acsbapp.com https://aacdn.nagich.com https://access.nagich.com https://dixons.inq.com/* https://media-eu2.digital.nuance.com https://nuance.e2save.com https://logx.optimizely.com https://nuance.idmobile.co.uk/* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com/pagead/ https://siteintercept.qualtrics.com https://google.com/pagead/* https://google.com/ccm/* https://bat.bing.com/* https://z.clarity.ms/collect *.optimizely.com *.feefo.com *.isitetv.com *.nagich.com *.google-analytics.com *.analytics.google.com *.facebook.com *.krxd.net *.reevoo.com *.smct.co *.smct.io *.algolia.net *.algolianet.com geo.simplifyprod.co.uk *.inq.com *.digital.nuance.com *.contentsquare.net sgtm.idmobile.co.uk preview-sgtm.idmobile.co.uk *.g.doubleclick.net *.roeyecdn.com *.roeye.com *.brandswap.com; media-src https://flv.isitetv.com https://www.isitetv.com; |
| Cf-Ray | 930c81aabc25a001-AMS |
| Date | Tue, 15 Apr 2025 15:34:20 GMT |
| X-Frame-Options | SAMEORIGIN |
| Expires | 0 |
| Cache-Control | no-cache, no-store, must-revalidate, private |
| Content-Security-Policy-Report-Only | form-action 'self' https://www.facebook.com https://feedback.currys.co.uk paypage2-cst.cxmlpg.com PP2.cxmlpg.com pp2.cxmlpg.com sandbox.omni.verifone.cloud omni.verifone.cloud feedback.currys.co.uk; report-uri https://idmobilecspreporting.report-uri.com/r/d/csp/reportOnly; |
| Vary | Accept-Encoding |
| Content-Type | text/html; charset=utf-8 |
| Last-Modified | Tue, 15 Apr 2025 16:34:20 +0100 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Cf-Cache-Status | DYNAMIC |
| Pragma | no-cache |
| X-Xss-Protection | 1; mode=block |
| Server | cloudflare |
| Alt-Svc | h3=":443"; ma=86400 |
| Connection | keep-alive |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar