| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Cf-Cache-Status | DYNAMIC |
| Set-Cookie | AWSALB=Z2458h6Mm1tNd878jVdoihcV+ORokBevS3lkzBSTPSaw6DwwtOEgqhcVg9CxHRw/ueN+8Rx3Vmq0tqStNSdLCpqzkPqatlHaE9MJeSF4J1AYfnh1rQcIcVcaSoMx; Expires=Tue, 15 Apr 2025 12:07:06 GMT; Path=/ |
| X-Xss-Protection | 1; mode=block |
| Permissions-Policy | accelerometer=(),ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), gyroscope=(), magnetometer=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), web-share=(), xr-spatial-tracking=() |
| Content-Type | text/html; charset=utf-8 |
| Strict-Transport-Security | max-age=15552000; includeSubDomains; preload |
| Cf-Ray | 92d1a4761950d595-AMS |
| Vary | Accept-Encoding |
| Content-Security-Policy | default-src 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; connect-src 'self' media.idigitalcontents.com irs.tools.investis.com jzkss3k18d.execute-api.eu-west-1.amazonaws.com stats.reciteme.com api.reciteme.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com *.invdcloud-is.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com *.lfeeder.com *.staticcontents.investisdigital.com api.reciteme.com googletagmanager.com ajax.googleapis.com static.cloudflareinsights.com player.vimeo.com www.youtube.com cdn.jsdelivr.net kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com unpkg.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com unpkg.com *.googletagmanager.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; base-uri 'none'; form-action 'self'; font-src 'self' 'unsafe-inline' data: www.w3.org api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net bugcrowd.com www.youtube-nocookie.com *.zscalerthree.net *.zscloud.net adfs.justretirement.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src 'self' 'unsafe-inline' data: www.w3.org fonts.gstatic.com tr.lfeeder.com www.googletagmanager.com www.google-analytics.com; media-src 'self' media.idigitalcontents.com; |
| X-Content-Type-Options | nosniff |
| Access-Control-Allow-Origin | * |
| Date | Tue, 08 Apr 2025 12:07:06 GMT |
| Cache-Control | private |
| Server | cloudflare |
| Connection | keep-alive |
| X-Frame-Options | SAMEORIGIN |
| Referrer-Policy | strict-origin-when-cross-origin |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar