| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Set-Cookie | gtm_id=91238aaf-e673-48ab-9d24-1555a0b6ef65; Max-Age=31536000; Domain=.intercom.com; Path=/; Expires=Sat, 04 Apr 2026 22:02:05 GMT; SameSite=None |
| Vary | Accept-Encoding |
| X-Xss-Protection | 0 |
| X-Frame-Options | SAMEORIGIN |
| Server | nginx |
| X-Amz-Cf-Pop | AMS58-P2 |
| Connection | keep-alive |
| Date | Fri, 04 Apr 2025 22:02:05 GMT |
| X-Dns-Prefetch-Control | off |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Permitted-Cross-Domain-Policies | none |
| Expect-Ct | max-age=0 |
| X-Download-Options | noopen |
| Alt-Svc | h3=":443"; ma=86400 |
| Cross-Origin-Resource-Policy | cross-origin |
| Via | 1.1 1e604122efa69acb57f0b5ccc10d9de6.cloudfront.net (CloudFront) |
| Content-Type | text/html; charset=utf-8 |
| Status | 200 OK |
| Strict-Transport-Security | max-age=15552000; includeSubDomains; preload |
| X-Content-Type-Options | nosniff |
| Content-Security-Policy | default-src 'self'; frame-ancestors 'self' https://app.contentful.com; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io *.contentful.com bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com tags.srv.stackadapt.com; connect-src 'self' www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net *.contentful.com 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co eps.6sc.co v.eps.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net https://unpkg.com/@rive-app/canvas@2.10.1/rive.wasm *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com https://conversions-config.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com/ tags.srv.stackadapt.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com https://*.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' 'sha256-cc60iDuEUKTNkKYpz2vlEgGOssRRzDfo9rv0YBux2ak=' https://app.getreprise.com *.litix.io *.contentful.com https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MWMxOWYwMjgtMjlkMC00ZDMyLTllNWEtYTRiZTNkM2I5OGFj'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com tags.srv.stackadapt.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f |
| X-Cache | Miss from cloudfront |
| X-Amz-Cf-Id | 9pl_RdDuhdTXB7IuuOacGRmZHLmOwgycIEW_8yEPjHfKiRQ6RHytng== |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar