| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| Set-Cookie | AWSALB=ZNqQALm3o+6tTbu6zTK+3HHN6STSj5Z4yF7XC3ilAF3H4dS22ZZ+2OXb8Q1s5G3g9/sbqoL9i29r7caPAVegEim13B3Q9qa6eTFnPQWNrdEsoX0oPn9I7G18PUa3; Expires=Sat, 26 Apr 2025 14:13:49 GMT; Path=/ |
| Strict-Transport-Security | max-age=15552000; includeSubDomains; preload |
| Vary | Accept-Encoding |
| Referrer-Policy | strict-origin-when-cross-origin |
| Cf-Cache-Status | DYNAMIC |
| Server | cloudflare |
| Content-Type | text/html; charset=utf-8 |
| Connection | keep-alive |
| Permissions-Policy | accelerometer=(),ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), gyroscope=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), web-share=(), xr-spatial-tracking=() |
| Access-Control-Allow-Origin | * |
| Date | Sat, 19 Apr 2025 14:13:50 GMT |
| X-Frame-Options | ALLOW-FROM development.ihg.com https://ihg-development-v2.did2-e1.investis.com |
| Content-Security-Policy | default-src 'self' media.idigitalcontents.com cloud.typography.com cloud.typenetwork.com ajax.googleapis.com fonts.googleapis.com use.typekit.net *.analytics.google.com *.google.com *.google-analytics.com google-analytics.com static.cloudflareinsights.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' consent-pref.trustarc.com ihg-development-v2.did2-e1.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net ir.tools.investis.com td.doubleclick.net *.trustarc.co viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com *.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com cloud.typenetwork.com hello.myfonts.net google-analytics.com fonts.googleapis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com; font-src 'self' 'unsafe-inline' fastly-cloud.typenetwork.com consent.trustarc.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.trustarc.com extend.vimeocdn.com googleads.g.doubleclick.net bat.bing.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com *.analytics.google.com *.google.com *.google-analytics.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net static.cloudflareinsights.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com; connect-src 'self' www.google.co.in region1.analytics.google.com consent-pref.trustarc.com pagead2.googlesyndication.com cdn.linkedin.oribi.io analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com *.analytics.google.com *.google.com *.google-analytics.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com www.facebook.com; base-uri 'self'; form-action 'self' ; |
| X-Xss-Protection | 1; mode=block |
| Cf-Ray | 932d013a3e62aa76-AMS |
| Cache-Control | private |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar