| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Security-Policy | default-src 'self' snowplow-web.wogaa.sg static.zdassets.com www.facebook.com cdn.syndication.twimg.com video.fsin8-1.fna.fbcdn.net video.fsin8-2.fna.fbcdn.net snowplow-web.wogaa.sg www.google-analytics.com ekr.zdassets.com flexanswer1654.zendesk.com onemap.gov.sg widget-mediator.zopim.com www.google.com www.gstatic.com static.elfsight.com;style-src 'self' 'unsafe-inline' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com cdn.jsdelivr.net test-gpc-1.sg.va.sabio.cloud platform.twitter.com assets.dcube.cloud www.facebook.com fonts.googleapis.com assets.wogaa.sg www.gstatic.com va.ecitizen.gov.sg;script-src 'self' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com sf16-website-login.neutral.ttwstatic.com www.tiktok.com static.elfsight.com assets-stage-elfsight-com.sfo2.cdn.digitaloceanspaces.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net d3pdo5aouiodr4.cloudfront.net zx54f7wti6.execute-api.ap-southeast-1.amazonaws.com googleads.g.doubleclick.net www.googleadservices.com www.google.com test-gpc-1.sg.va.sabio.cloud platform.twitter.com connect.facebook.net assets.dcube.cloud cdn.syndication.twimg.com www.facebook.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net app-script.monsido.com assets.wogaa.sg polyfill.io va.ecitizen.gov.sg static.zdassets.com unpkg.com www.gstatic.com;font-src 'self' va.ecitizen.gov.sg test-gpc-1.sg.va.sabio.cloud s3-us-west-2.amazonaws.com assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com;img-src data: 'self' files.elfsightcdn.com bucket-common.vica.gov.sg dpm.demdex.net cm.everesttech.net d33wubrfki0l68.cloudfront.net www.google.com is4-ssl.mzstatic.com www.google.com.sg test-gpc-1.sg.va.sabio.cloud pbs.twimg.com syndication.twitter.com platform.twitter.com abs.twimg.com www.facebook.com scontent.fsin8-2.fna.fbcdn.net scontent.fsin8-1.fna.fbcdn.net maps-a.onemap.sg maps-b.onemap.sg maps-c.onemap.sg tracking.monsido.com www.google-analytics.com www.onemap.gov.sg docs.onemap.sg ncspteltd.sc.omtrdc.net cdn.jsdelivr.net va.ecitizen.gov.sg;child-src blob: *;connect-src 'self' *;worker-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=31536000 ; includeSubDomains ; preload |
| Content-Type | text/html |
| Vary | Accept-Encoding |
| X-Xss-Protection | 1; mode=block |
| X-Content-Type-Options | nosniff |
| Accept-Ranges | bytes |
| Cache-Control | max-age=0, must-revalidate, proxy-revalidate, private |
| Connection | keep-alive |
| Last-Modified | Thu, 17 Apr 2025 09:10:34 GMT |
| Expires | Thu, 17 Apr 2025 21:53:37 GMT |
| Date | Thu, 17 Apr 2025 21:53:37 GMT |
| Server |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar