| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Amz-Cf-Id | bQvbZebnHl326MYAfA-QWcucbRbhKDjrIBIsOQO1qILUG0jb2K5J_Q== |
| Connection | keep-alive |
| Date | Thu, 17 Apr 2025 12:01:35 GMT |
| X-Frame-Options | SAMEORIGIN |
| Content-Type | text/html; charset=utf-8 |
| Server | nginx |
| X-Xss-Protection | 1; mode=block |
| X-Amz-Cf-Pop | AMS1-C1 |
| Access-Control-Allow-Methods | POST, GET, OPTIONS |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Cache | Hit from cloudfront |
| Cache-Control | public, stale-while-revalidate=3600, no-transform, max-age=300 |
| Etag | W/"f4c6b041768087bae5cd41a2bce79555" |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com www.googletagmanager.com cdn.plyr.io www.youtube.com js-agent.newrelic.com d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net code.jquery.com *.liveperson.net *.lpsnmedia.net platform-api.sharethis.com buttons-config.sharethis.com cdn.jsdelivr.net www.google.com/recaptcha/api.js www.gstatic.com js.adsrvr.org connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net googletagmanager.com tagmanager.com; img-src 'self' data: res.cloudinary.com i.ytimg.com cdn.jsdelivr.net i.vimeocdn.com ad.doubleclick.net 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net lpcdn.lpsnmedia.net platform-cdn.sharethis.com l.sharethis.com www.facebook.com www.google.com www.google.co.uk *.googletagmanager.com googletagmanager.com *.gstatic.com connect.facebook.net; frame-src 'self' w.soundcloud.com www.googletagmanager.com cloudinary.com console.cloudinary.com res.cloudinary.com www.youtube.com www.youtube-nocookie.com *.liveperson.net *.lpsnmedia.net player.vimeo.com www.google.com *.doubleclick.net *.adsrvr.org newyorkphilharmonic.wufoo.com ww2.matchinggifts.com; style-src 'unsafe-inline' 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net cdn.plyr.io cdn.jsdelivr.net googletagmanager.com tagmanager.google.com fonts.googleapis.com; font-src 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net fonts.gstatic.com data:; media-src 'self' res.cloudinary.com lpcdn.lpsnmedia.net; connect-src 'self' https://d1c3g0ihb82aph.cloudfront.net/Prod/ https://my.nyphil.org/en/ noembed.com cdn.plyr.io bam.nr-data.net 4glbp5u2t8.execute-api.us-east-1.amazonaws.com api.swiftype.com l.sharethis.com analytics.tiktok.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com; |
| Access-Control-Allow-Origin | * |
| Via | 1.1 b9394c80294503e08bddf2381e55e810.cloudfront.net (CloudFront) |
| Age | 2959 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar