| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Date | Mon, 07 Apr 2025 14:21:46 GMT |
| Vary | Accept-Encoding |
| Strict-Transport-Security | max-age=31557600 |
| Connection | keep-alive |
| Access-Control-Allow-Origin | * |
| Content-Security-Policy | default-src 'self'; img-src 'self' *.importgenius.cn importgenius.cn *.importgenius.com data: importgenius.com *.website-files.com sb.scorecardresearch.com *.youtube.com ssl.google-analytics.com *.google.com *.google-analytics.com *.swaychat.com *.cloudfront.net cdn.ampproject.org pbs.twimg.com ws.sharethis.com l.sharethis.com *.facebook.com *.ucarecdn.com ucarecdn.com maps.googleapis.com maps.gstatic.com *.doubleclick.net *.google.com.ph i.ytimg.com *.bing.com bing.com *.clarity.ms *.calendly.com googletagmanager.com www.googletagmanager.com *.albacross.com albacross.com *.zohopublic.com zohopublic.com *.zohocdn.com zohocdn.com *.lfeeder.com lfeeder.com *.customer.io customer.io images.unsplash.com zohopagesense.nimbuspop.com; media-src 'self' *.importgenius.com *.google.com *.google-analytics.com; frame-src 'self' *.zohopublic.com zohopublic.com *.importgenius.com *.google.com *.swaychat.com *.googleapis.com www.youtube.com *.sharethis.com *.facebook.com *.firebaseio.com *.doubleclick.net recaptcha.net www.googletagmanager.com *.calendly.com calendly.com *.recaptcha.net recaptcha.net *.recurly.com recurly.com cdn.embedly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' us-assets.i.posthog.com cdn.jsdelivr.net *.website-files.com *.clarity.ms *.hotjar.com *.omappapi.com www.recaptcha.net edge.fullstory.com *.googletagmanager.com *.doubleclick.net polyfill-fastly.io *.gstatic.com cdn.ranksci.com *.importgenius.com *.importgenius.cn *.google.com ssl.google-analytics.com *.cloudfront.net *.googleapis.com firebaseio.com api.swayio.com *.firebaseio.com *.google.com *.google-analytics.com www.gstatic.com *.swaychat.com *.googleadservices.com swaychat.firebaseio.com *.youtube.com s.ytimg.com cdn.ampproject.org *.sharethis.com connect.facebook.net recaptcha.net fullstory.com geocoder.api.here.com *.datadoghq-browser-agent.com *.bing.com *.zoho.com *.calendly.com *.albacross.com maillist-manage.com *.zohocdn.com zohocdn.com *.zohopublic.com zohopublic.com *.customer.io customer.io *.lfeeder.com lfeeder.com *.recurly.com recurly.com code.jquery.com cdn.pagesense.io; connect-src 'self' videsigns-staging.co.uk raw.githubusercontent.com geocoder.api.here.com *.google-analytics.com *.swayio.com *.importgenius.com wss://*.firebaseio.com *.swaychat.com *.googleapis.com l.sharethis.com *.ucarecdn.com ucarecdn.com sentry.io *.fullstory.com fullstory.com *.googletagmanager.com *.datadoghq.com analytics.google.com www.google.com google.com *.posthog.com *.clarity.ms clarity.ms salesiq.zohopublic.com wss://vts.zohopublic.com *.zohopublic.com vc.hotjar.io *.albacross.com *.doubleclick.net doubleclick.net *.recurly.com recurly.com api.omappapi.com omappapi.com *.facebook.com facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io pagesense-collect.zoho.com; font-src 'self' *.importgenius.com *.importgenius.cn data: cdn.prod.website-files.com *.webflow.com *.swaychat.com *.cloudfront.net fonts.gstatic.com *.googleapis.com css.zohocdn.com cdn2.importgenius.com webfonts.zoho.com static.zohocdn.com *.zohocdn.com; style-src 'self' 'unsafe-inline' *.importgenius.com *.importgenius.cn *.website-files.com *.swaychat.com *.googleapis.com ws.sharethis.com *.google.com assets.calendly.com css.zohocdn.com *.zohocdn.com js.zohostatic.com *.zohostatic.com api.omappapi.com a.omappapi.com omappapi.com webfonts.zoho.com; manifest-src 'self' *.importgenius.com; frame-ancestors 'self' *.importgenius.com; object-src 'none'; |
| X-Xss-Protection | 1 |
| Expect-Ct | enforce,max-age=30 |
| X-Frame-Options | SAMEORIGIN |
| Allow | GET, HEAD |
| Content-Type | text/html; charset=utf-8 |
| X-Download-Options | noopen |
| Cache-Control | public, max-age=31556952 |
| Accept-Ranges | bytes |
| Etag | "fd20-WGx+5Dm00BfnfpSTDMgQmkY6fwg" |
| Age | 274100 |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | origin-when-cross-origin |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar