nea.gov.sg | Analytics by SecurityHeaders

HTTP Headers report for nea.gov.sg

Header Name Header Data
HTTP status code 200
Date Thu, 17 Apr 2025 03:18:04 GMT
Strict-Transport-Security max-age=31536000; includeSubDomains
Via 1.1 a752e456797165fcc0a1e5de08b5353c.cloudfront.net (CloudFront)
Cross-Origin-Embedder-Policy unsafe-none
Cross-Origin-Resource-Policy cross-origin
Referrer-Policy no-referrer
X-Xss-Protection 1; mode=block
X-Content-Type-Options nosniff
Connection keep-alive
Cache-Control no-cache
Content-Security-Policy default-src 'self' https: *.wogaa.sg *.demdex.net *.everesttech.net *.adobetag.com *.vica.gov.sg *.onemap.gov.sg *.moatads.com wogadobeanalytics.sc.omtrdc.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api.data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; script-src *.googleapis.com *.gstatic.com www.google.com connect.facebook.net *.wogaa.sg *.adobedtm.com *.vica.gov.sg *.moatads.com www.google-analytics.com www.googletagmanager.com *.twitter.com *.hotjar.com *.prd.cwp2.sg platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com 'unsafe-inline' 'unsafe-eval' 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com *.vica.gov.sg *.wogaa.sg 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com www.facebook.com data: blob: www.nea.gov.sg *.everesttech.net *.demdex.net *.vica.gov.sg stats.g.doubleclick.net *.onemap.gov.sg *.onemap.sg wogadobeanalytics.sc.omtrdc.net connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googleusercontent.com platform-cdn.sharethis.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' data: *.amazonaws.com *.vica.gov.sg *.wogaa.sg *.googleapis.com *.gstatic.com; connect-src *.gstatic.com *.wogaa.sg dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.vica.gov.sg wss://*.vica.gov.sg www.google-analytics.com *.googleapis.com api.data.gov.sg smartnation.data.gov.sg data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com developers.onemap.sg *.hotjar.com data: *.hotjar.io wss://*.hotjar.com l.sharethis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self'
X-Cache Miss from cloudfront
X-Frame-Options SAMEORIGIN
X-Amz-Cf-Pop AMS58-P3
Pragma no-cache
Expires -1
X-Amz-Cf-Id KKjfgqL4HZsScancmALzTE8g9dSXTqtA4UuvGOu1wlX6rtjuODqQYA==
Vary Origin
Content-Type text/html; charset=utf-8
Cross-Origin-Opener-Policy unsafe-none
Permissions-Policy accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar