| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Vary | Accept-Encoding |
| Cache-Control | no-cache, private |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY |
| X-Xss-Protection | 1; mode=block |
| Set-Cookie | vulid=1CNMYuQLDdgnDiPXnN9GUe.049e0d54b7389491d4b405c97dfdc5add91996d20b22005ce30df913599c1e82; expires=Sat, 18 Oct 2025 08:19:50 GMT; Max-Age=15552000; path=/; secure; httponly; samesite=lax |
| Referrer-Policy | strict-origin-when-cross-origin |
| Content-Security-Policy | default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com 'unsafe-inline' 'nonce-HBXTF3RGHHqYkj1kvScgOQ=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 |
| X-Content-Security-Policy | default-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com; connect-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net accounts.google.com pagead2.googlesyndication.com identitytoolkit.googleapis.com securetoken.googleapis.com bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.sentry.io api.realytics.io *.paypal.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://api.privacy-center.org *.criteo.com graph.facebook.com www.facebook.com https://respondent.survicate.com https://survey.survicate.com https://survey-prd.survicate-cdn.com; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net *.paypal.com click-and-boat.pxf.io static1.clickandboat.com cabmobileapp-196814.firebaseapp.com; img-src 'self' static1.clickandboat.com static1.oceans-evasion.com static1.nautal.com static1.scansail.com https://assets.nautal.com/frontend-assets/master/ https://assets.nautal.com/frontend-assets/master/elements/ blog.clickandboat.com blog.nautal.com blog.oceans-evasion.com blog.scansail.com blog.clickandboat.com data: blob: res.cloudinary.com *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.criteo.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms https://s2s.adjust.com/event click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com; script-src 'unsafe-eval' 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com https://assets.nautal.com/frontend-assets/master/elements/ https://assets.nautal.com/frontend-assets/master/ https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net *.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://s2s.adjust.com/event https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://survey-prd.survicate-cdn.com *.paypal.com browser.sentry-cdn.com 'unsafe-inline' 'nonce-HBXTF3RGHHqYkj1kvScgOQ=='; style-src 'self' static2.clickandboat.com static2.oceans-evasion.com static2.nautal.com static2.scansail.com static3.clickandboat.com static3.oceans-evasion.com static3.nautal.com static3.scansail.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com accounts.google.com https://sdk.privacy-center.org https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; report-uri https://o417216.ingest.us.sentry.io/api/4506020607492097/security/?sentry_key=3c14ba189cc8cb536d95fb1b6fe67298 |
| Content-Type | text/html; charset=UTF-8 |
| Date | Mon, 21 Apr 2025 08:19:50 GMT |
| Connection | keep-alive |
| Server | nginx |
| Strict-Transport-Security | max-age=15768000; includeSubDomains |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar