| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Cache-Control | no-cache |
| Strict-Transport-Security | max-age=63072000; includeSubdomains; preload |
| Expires | Sat, 26 Jul 1997 05:00:00 GMT |
| Last-Modified | Mon, 21 Apr 2025 04:31:45 GMT |
| Vary | Accept-Encoding |
| Date | Mon, 21 Apr 2025 04:31:45 GMT |
| X-Content-Type-Options | nosniff |
| Pragma | no-cache |
| Content-Security-Policy | default-src 'self' *.sumsmanagement.com *.cloudfront.net eu.snapengage.com drive.google.com api.reciteme.com *.sums.su *.b-cdn.net yusu.org yorksu.org 2d53b4ae7710437ef402-16882fd0dd682351953626dbea9fe405.ssl.cf3.rackcdn.com wss://*.hotjar.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: ajax.googleapis.com *.cloudflare.com *.jsdelivr.net cdn.quilljs.com *.google.com *.googletagmanager.com c.ststat.net manchesterstudentsunion.com *.manchesterstudentsunion.com rawgithub.com *.rawgithub.com *.rawgit.com rawgit.com *.hotjar.com *.facebook.com *.facebook.net ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com pi-live.sagepay.com *.google-analytics.com emailmeform.com *.emailmeform.com *.gstatic.com *.tawk.to *.bootstrapcdn.com web-cdn.fixr.co use.fontawesome.com unpkg.com diffuser-cdn.app-us1.com *.reciteme.com cdn.curator.io *.twitter.com *.fontawesome.com mentimeter.com *.lightwidget.com *.datatables.net api.mapbox.com openstreetmap.org *.thunderforest.com box.com boxcdn.net justgiving.com *.justgiving.com rss2json.com hullstudent.co.uk *.atlassian.com *.addthis.com vuejs.org *.moatads.com *.popupsmart.com *.addthisedge.com code.jquery.com *.live.com prism.app-us1.com eu.snapengage.com js-agent.newrelic.com trackcmp.net bam.nr-data.net uksu.activehosted.com *.placeholder.com *.surveymonkey.com d3rxaij56vjege.cloudfront.net cdn.ckeditor.com *.designmynight.com *.typeform.com actionnetwork.org *.browsealoud.com ysjsu.com *.juicer.io reclaimhub.com *.appzi.io manchesterstudenthomes.com embedsocial.com *.clarity.ms woxo.tech snapwidget.com s3.amazonaws.com *.civiccomputing.com *.freshworks.com *.us1.list-manage.com plausible.io calendar.zoho.eu opinionstage.com *.browsealoud.com *.googleadservices.com *.fatsoma.com *.mapbox.com documentservices.adobe.com gen.sendtric.com public.flourish.studio *.eusa.ed.ac.uk *.youtube.com freddyfeedback.com *.termsfeed.com ucarecdn.com uploadcare.com *.uploadcare.com native.fm *.native.fm *.moneyadviceservice.org.uk *.moneyhelper.org.uk facebook.com *.facebook.com *.dotdigital-pages.com lottie.host *.lottie.host *.instagram.com eocampaign1.com *.botframework.com *.yorksu.org *.openwidget.com acrobatservices.adobe.com *.cookiebot.com *.imperialcollegeunion.org *.sentry-cdn.com cloud.umami.is cdn.tailwindcss.com *.posthog.com files.cdn.leadfamly.com secure.instinct-52.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jsdelivr.net cdn.quilljs.com *.cloudflare.com manchesterstudentsunion.com *.manchesterstudentsunion.com ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudfront.net *.bootstrapcdn.com *.google.com hello.myfonts.net *.fontawesome.com *.typekit.net *.popupsmart.com *.tawk.to *.gstatic.com unpkg.com *.reciteme.com cdn.ckeditor.com *.designmynight.com actionnetwork.org ysjsu.com *.curator.io *.juicer.io *.jquery.com danny-husu.github.io embedsocial.com cdn-images.mailchimp.com *.typeform.com *.freshworks.com *.mapbox.com *.fatsoma.com su.imgix.net native.fm *.native.fm *.rawgithub.com facebook.com *.facebook.com *.yorksu.org *.imperialcollegeunion.org *.fontshare.com;img-src 'self' data: *.facebook.com nusdigital.s3-eu-west-1.amazonaws.com ussu-web.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com nusdigital.s3.amazonaws.com su.imgix.net manchesterstudentsunion.com *.manchesterstudentsunion.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.google.co.uk *.justgiving.com *.googletagmanager.com *.tawk.to *.tile.thunderforest.com maps.gstatic.com *.ytimg.com *.reciteme.com cdn.ckeditor.com *.glassdoor.co.uk *.designmynight.com *.gstatic.com actionnetwork.org ysjsu.com *.netlify.app *.b-cdn.net *.curator.io *.browsealoud.com *.texthelp.com *.ibb.co *.lincolnsu.com *.airtable.com minisite.ticketline.co.uk *.juicer.io *.cdninstagram.com *.appzi.io *.clarity.ms *.freshworks.com fixr-cdn.fixr.co *.mapbox.com dummyimage.com *.sendtric.com *.airtableusercontent.com public.flourish.studio *.youtube.com *.fatsoma.com native.fm *.native.fm *.hotjar.com *.moneyhelper.org.uk facebook.com *.facebook.com *.unsplash.com *.yorksu.org *.cookiebot.com *.imperialcollegeunion.org;font-src 'self' data: manchesterstudentsunion.com *.manchesterstudentsunion.com font.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.gstatic.com *.jsdelivr.net *.cloudfront.net *.bootstrapcdn.com *.fontawesome.com *.hotjar.com *.cloudflare.com fonts.googleapis.com *.tawk.to ussu-web.s3.eu-west-2.amazonaws.com *.reciteme.com ysjsu.com *.netlify.app *.juicer.io dev-ysjsu.netlify.app *.appzi.io *.freshworks.com use.typekit.net su.imgix.net native.fm *.native.fm facebook.com *.facebook.com *.yorksu.org *.imperialcollegeunion.org *.fontshare.com;connect-src 'self' 'unsafe-inline' manchesterstudentsunion.com *.manchesterstudentsunion.com *.airtable.com *.hotjar.com *.google-analytics.com *.facebook.com *.sums.su *.hotjar.io wss://*.tawk.to *.tawk.to *.atlassian.com *.doubleclick.net *.fontawesome.com *.googleapis.com bam.nr-data.net *.addthis.com *.rss2json.com *.reciteme.com submit-form.com *.designmynight.com *.typeform.com *.botpoison.com *.browsealoud.com eu.snapengage.com ysjsu.com *.curator.io *.speechstream.net *.texthelp.com wss://*.hotjar.com *.sums.dev *.juicer.io *.appzi.io *.clarity.ms *.civiccomputing.com *.freshworks.com *.freshdesk.com plausible.io *.withgoogle.com *.eusa.ed.ac.uk freddyfeedback.com native.fm *.native.fm uploadcare.com *.uploadcare.com *.google.com facebook.com *.facebook.com *.powerplatform.com wss://*.botframework.com *.botframework.com viewlicense.adobe.io consentcdn.cookie.com api.fixr.co *.sentry.io api.hsforms.com *.mapbox.com api.iconify.design api.unisvg.com api.simplesvg.com api-gateway.umami.dev *.rackcdn.com *.posthog.com;frame-src 'self' data: manchesterstudentsunion.com *.manchesterstudentsunion.com *.hotjar.com *.google.com *.youtube.com *.openstreetmap.org *.rackcdn.com *.addthis.com *.box.com *.kaltura.com *.lightwidget.com *.opinionstage.com prezi.com *.youtube-nocookie.com *.surveymonkey.com *.emailmeform.com *.reciteme.com *.live.com *.office.com *.nottingham.ac.uk *.facebook.com snapwidget.com *.typeform.com ussu-web.s3.eu-west-2.amazonaws.com *.sumsmanagement.com www.mentimeter.com *.vimeo.com ysjsu.com *.jotform.com *.jotformeu.com *.googleapis.com *.sums.su *.issuu.com *.airtable.com *.york.ac.uk *.ystv.co.uk *.ury.org.uk *.twitter.com login.microsoftonline.com login.windows.net manchesterstudenthomes.com *.sharepoint.com reclaimhub.com open.spotify.com w.soundcloud.com embedsocial.com *.sheffield.us1.list-manage.com *.instagram.com *.freshworks.com fixr.co calendar.zoho.eu *.google.co.uk *.yumpu.com *.fatsoma.com kuintranet.co.uk *.kuintranet.co.uk wix.com *.wix.com wixapps.net *.wixapps.net public.flourish.studio flo.uri.sh v5.airtableusercontent.com forms.microsoft.com *.eusa.ed.ac.uk *.sums.digital *.canva.com freddyfeedback.com hullstudent.co.uk native.fm *.native.fm *.moneyadviceservice.org.uk lincolnsu.com *.lincolnsu.com facebook.com *.facebook.com *.cloud.microsoft *.dotdigital-pages.com lottie.host *.lottie.host *.cloudflare.com *.manchester.ac.uk copilotstudio.microsoft.com *.powerbi.com *.openwidget.com acrobatservices.adobe.com *.cookiebot.com *.northampton.ac.uk *.imperialcollegeunion.org lightwidget.com uonsuperks.uni-street.com 1drv.ms embeds.beehiiv.com *.playable.com lsu-shops.netlify.app;child-src 'self' ;media-src 'self' blob: assets-cdn.sums.su *.sumsmanagement.com api.reciteme.com livemanchesterac.sharepoint.com *.tawk.to native.fm *.native.fm;worker-src 'self' thevenuekent.co.uk blob:; |
| Content-Type | text/html; charset=UTF-8 |
| X-Frame-Options | DENY |
| Set-Cookie | exp_last_visit=1429849905; expires=Tue, 21-Apr-2026 04:31:45 GMT; Max-Age=31536000; path=/; secure; HttpOnly |
| Connection | keep-alive |
| Server | Apache |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar