HTTP Headers report for meo.pt

Header Name	Header Data
HTTP status code	200
Report-To	{"group":"cspenforce","max_age":31536000,"endpoints":[{"url":"https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce"}],"include_subdomains":true}
Content-Length	117539
Strict-Transport-Security	max-age=31536000;includeSubDomains
Cache-Control	private
X-Ms-Invokeapp	1; RequireReadOnly
Set-Cookie	UqZBpD3n3iPIDwJU9DmYiWmKWrQY8YkFYM3779Xb=v1JJo8g++CQJp; Path=/; Secure; HttpOnly
Expires	Mon, 21 Apr 2025 03:19:30 GMT
Vary	*
X-Frame-Options	SAMEORIGIN
Referrer-Policy	strict-origin-when-cross-origin
Server	Secure Application Delivery Service - Altice Portugal
Content-Type	text/html; charset=utf-8
Content-Security-Policy	base-uri 'self'; child-src 'self'; connect-src 'self' https://.meo.pt https://.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://.engagement.coremedia.cloud wss://.engagement.coremedia.cloud https://.byside.com wss://.byside.com https://cdn-api-weglot.com https://cloudflarestream.com https://.evergage.com https://www.facebook.com https://.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://.hcaptcha.com https://in.hotjar.com https://.inmobi.com https://.inside-graph.com wss://.inside-graph.com https://cmp.quantcast.com https://.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://.visualwebsiteoptimizer.com https://.vwo.com https://.weglot.com https://visit-server.inmobi-choice.io https://.clarity.ms https://.doubleclick.net https://quantcast.mgr.consensu.org https://.quantcast.mgr.consensu.org https://.userway.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net; form-action 'self' https://.meo.pt https://.engagement.coremedia.cloud https://.byside.com https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self' https://en.meo.pt https://cinema.sapo.pt https://mag.sapo.pt; frame-src 'self' https://.meo.pt https://.engagement.coremedia.cloud https://stags.bluekai.com https://.byside.com https://www.facebook.com https://.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://.hcaptcha.com https://vars.hotjar.com https://.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://.visualwebsiteoptimizer.com https://.vwo.com https://.youtube.com https://.smark.io https://.meo.velocidi.io https://.doubleclick.net https://.userway.org https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' blob: data: https://.meo.pt; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.meo.pt https://.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://.engagement.coremedia.cloud https://tags.bkrtx.com https://.byside.com https://cdnjs.cloudflare.com https://cdn.evgnet.com https://.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://.googleapis.com https://www.googleoptimize.com https://.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://.hcaptcha.com https://.hotjar.com https://.inmobi.com https://.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://.serving-sys.com https://analytics.tiktok.com https://.visualwebsiteoptimizer.com https://.vwo.com https://.weglot.com https://p.smrk.io https://.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://.doubleclick.net https://connect.facebook.net https://quantcast.mgr.consensu.org https://.userway.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://.meo.pt https://.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://.engagement.coremedia.cloud https://s3.amazonaws.com https://.byside.com https://use.fontawesome.com https://optimize.google.com https://.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://.inside-graph.com https://.visualwebsiteoptimizer.com https://.vwo.com https://cdn.weglot.com https://fast.fonts.net https://.userway.org https://selo.confio.pt; worker-src 'self' blob:; object-src 'none'
X-Content-Type-Options	nosniff
Date	Mon, 21 Apr 2025 03:16:29 GMT

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar