malala.org | Analytics by SecurityHeaders

HTTP Headers report for malala.org

Header Name Header Data
HTTP status code 200
X-Frame-Options SAMEORIGIN
Etag W/"c8115fca483f683e0974051da094b076"
Content-Security-Policy default-src 'self'; media-src 'self' ws://localhost:3035 localhost:3035 *.ctfassets.net malala.org *.malala.org *.youtube.com www.youtube.com *.twimg.com; font-src *.fontawesome.com doublethedonation.com localhost:8080 *.doublethedonation.com *.typekit.net *.googleapis.com *.cognitoforms.com *.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net 'self' data:; img-src * malala.org ws://localhost:3035 localhost:3035 *.malala.org 'self' data:; object-src 'none'; script-src malala.org *.malala.org *.gtm.js ws://localhost:3035 localhost:3000 localhost:3035 *.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com optimize.google.com doublethedonation.com *.doublethedonation.com *.bugsnag.com *.consensu.org *.givelively.org *.stripe.com *.paypal.com *.cognitoforms.com *.plaid.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.typeform.com *.typekit.net *.website-files.com d3e54v103j8qbb.cloudfront.net *.facebook.net cdnjs.cloudflare.com *.adroll.com us-u.openx.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.yahoo.com eb2.3lift.com trc.taboola.com simage2.pubmatic.com sync.outbrain.com pixel.rubiconproject.com dsum-sec.casalemedia.com pixel.advertising.com *.googleadservices.com *.ytimg.com *.audima.co *.fontawesome.com unpkg.com *.unpkg.com *.weglot.com *.jsdelivr.com *.cloudfront.net *.twitter.com *.twimg.com *.instagram.com *.tiktok.com *.ttwstatic.com *.donorbox.org *.bugherd.com *.bamboohr.com *.thegivingblock.com 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com optimize.google.com fonts.googleapis.com *.typekit.net *.stripe.com *.paypal.com *.website-files.com doublethedonation.com *.plaid.com *.doublethedonation.com *.googleapis.com *.givelively.org *.cognitoforms.com *.youtube.com *.vimeo.com cdnjs.cloudflare.com tagmanager.google.com unpkg.com *.unpkg.com *.ytimg.com *.weglot.com *.cloudfront.net *.twitter.com *.twimg.com *.tiktok.com *.ttwstatic.com *.bugherd.com 'self' unsafe-inline unsafe-eval 'unsafe-inline' 'unsafe-eval'; connect-src 'self' malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com *.google-analytics.com google-analytics.com localhost:8080 *.cognitoforms.com *.stripe.com doublethedonation.com *.doublethedonation.com *.paypal.com *.googletagmanager.com *.google.com *.plaid.com *.bugsnag.com *.givelively.org *.youtube.com *.vimeo.com malala.trilogyforms.com tagmanager.google.com *.ytimg.com *.plyr.io noembed.com *.type *.doubleclick.net *.weglot.com cdn-api-weglot.com *.ctfassets.net www.bugherd.com bugherd-attachments.s3.amazonaws.com ws.pusherapp.com screenshots.bugherd.com sessions.bugsnag.com t.co *.twitter.com *.twimg.com *.facebook.com *.pusher.com *.bamboohr.com; frame-src 'self' malala.org ws://localhost:3035 localhost:3035 *.malala.org *.audima.co *.stripe.com localhost:8080 optimize.google.com doublethedonation.com *.plaid.com *.doublethedonation.com *.youtube.com *.givelively.org *.vimeo.com *.typeform.com *.facebook.com *.facebook.net cdn.embedly.com *.youtube.com www.youtube.com *.youtube-nocookie.com *.ytimg.com *.tgbwidget.com tgbwidget.com *.twitter.com *.instagram.com *.twimg.com *.ted.com *.tiktok.com *.ttwstatic.com youtu.be donorbox.org widget.thegivingblock.com *.donorbox.org; child-src *.facebook.com *.facebook.net; form-action *.facebook.com *.facebook.net *.twitter.com *.list-manage.com *.twimg.com *.trilogyforms.com; worker-src 'self' blob:
Via 1.1 vegur, 1.1 387d417a3f5a5743442b1fcff6eeff24.cloudfront.net (CloudFront)
X-Amz-Cf-Id _N71Vs8hQegZzmeE6MPdjPlkz0uQRVzyYkFk8KPGuq4Dw0hjmmjUlg==
Content-Type text/html; charset=utf-8
Server Cowboy
Date Wed, 16 Apr 2025 21:05:45 GMT
X-Download-Options noopen
X-Permitted-Cross-Domain-Policies none
Cache-Control max-age=0, private, must-revalidate
Connection keep-alive
Report-To {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1744837545&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=iyF7HgvuZSyFuh5GAHSPoXu%2BRnH3%2FekQGajbY%2BhcQ40%3D"}]}
Nel {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Xss-Protection 1; mode=block
X-Content-Type-Options nosniff
X-Request-Id 54d97d82-ecd6-4fd7-b055-b15b94c4ae8a
X-Runtime 0.825053
Vary Accept-Encoding
X-Cache Hit from cloudfront
Referrer-Policy strict-origin-when-cross-origin
X-Amz-Cf-Pop CPH50-C2
Age 18895
Reporting-Endpoints heroku-nel=https://nel.heroku.com/reports?ts=1744837545&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=iyF7HgvuZSyFuh5GAHSPoXu%2BRnH3%2FekQGajbY%2BhcQ40%3D

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar