| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Connection | keep-alive |
| X-Amz-Cf-Id | hYyKTwXqktwNnQs2kbm0utCHvfhNOCqX63sXpE9RI5SX12KX0c8KCA== |
| Content-Type | text/html; charset=utf-8 |
| Content-Security-Policy | default-src 'self' *.originenergy.com.au origin-energy.formstack.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.doubleclick.net *.gstatic.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net assets.adobedtm.com *.demdex.net *.everesttech.net cx.atdmt.com *.redditstatic.com *.reddit.com *.linkedin.com snap.licdn.com *.tiktok.com cdn.pdst.fm pixel.byspotify.com r.turn.com *.boldchat.com *.intercom.io *.intercomcdn.com static.intercomassets.com uploads.intercomusercontent.com www.intercom-reporting.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.newrelic.com bam.nr-data.net *.fullstory.com *.maxmind.com *.youtube.com *.stripe.com *.survicate.com *.survicate-cdn.com originenergyservices.tt.omtrdc.net 'report-sample'; script-src 'self' *.originenergy.com.au origin-energy.formstack.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.doubleclick.net *.gstatic.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net assets.adobedtm.com *.demdex.net *.everesttech.net cx.atdmt.com *.redditstatic.com *.reddit.com *.linkedin.com snap.licdn.com *.tiktok.com cdn.pdst.fm pixel.byspotify.com r.turn.com *.boldchat.com *.intercom.io *.intercomcdn.com static.intercomassets.com uploads.intercomusercontent.com www.intercom-reporting.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.newrelic.com bam.nr-data.net *.fullstory.com *.maxmind.com *.youtube.com *.stripe.com *.survicate.com *.survicate-cdn.com www.everestjs.net cdn.split.io *.branch.io app.link originenergy.nanorep.co browser-update.org 'unsafe-inline' widget.trustpilot.com *.optimizely.com *.stripe.com utt.impactcdn.com api.quickstream.westpac.com.au cdn-assets-prod.s3.amazonaws.com/js/preview2/27715040530.js; style-src 'self' *.originenergy.com.au origin-energy.formstack.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.doubleclick.net *.gstatic.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net assets.adobedtm.com *.demdex.net *.everesttech.net cx.atdmt.com *.redditstatic.com *.reddit.com *.linkedin.com snap.licdn.com *.tiktok.com cdn.pdst.fm pixel.byspotify.com r.turn.com *.boldchat.com *.intercom.io *.intercomcdn.com static.intercomassets.com uploads.intercomusercontent.com www.intercom-reporting.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.newrelic.com bam.nr-data.net *.fullstory.com *.maxmind.com *.youtube.com *.stripe.com *.survicate.com *.survicate-cdn.com 'unsafe-inline'; connect-src *.originenergy.com.au origin-energy.formstack.com wss://*.originenergy.com.au originenergyservices.tt.omtrdc.net *.everesttech.net dpm.demdex.net *.hotjar.io *.hotjar.com wss://*.hotjar.com *.boldchat.com bam.nr-data.net ws3.ondemand.qas.com *.split.io collectors.au.sumologic.com *.branch.io api.usabilla.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sdk.iad-05.braze.com *.fullstory.com geoip-js.com log-api.newrelic.com *.optimizely.com google.com *.google.com *.tiktok.com r.turn.com *.survicate.com *.survicate-cdn.com api.quickstream.westpac.com.au originenergy.au.auth0.com/.well-known/jwks.json *.origin-kraken.energy geoip-js.com cdn-assets-prod.s3.amazonaws.com/js/preview2/27715040530.js; frame-src mailto: tel: *.google.com *.hotjar.com *.hotjar.io fast.originenergyservices.demdex.net originenergyservices.demdex.net *.boldchat.com *.doubleclick.net *.originenergy.com.au origin-energy.formstack.com intercom-sheets.com widget.trustpilot.com *.optimizely.com *.youtube.com *.stripe.com; img-src 'self' *.originenergy.com.au origin-energy.formstack.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.doubleclick.net *.gstatic.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net assets.adobedtm.com *.demdex.net *.everesttech.net cx.atdmt.com *.redditstatic.com *.reddit.com *.linkedin.com snap.licdn.com *.tiktok.com cdn.pdst.fm pixel.byspotify.com r.turn.com *.boldchat.com *.intercom.io *.intercomcdn.com static.intercomassets.com uploads.intercomusercontent.com www.intercom-reporting.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.newrelic.com bam.nr-data.net *.fullstory.com *.maxmind.com *.youtube.com *.stripe.com *.survicate.com *.survicate-cdn.com braze-images.com res.cloudinary.com/originenergy/ data: google.com images.unsplash.com i.ytimg.com; object-src 'none'; |
| Via | 1.1 4ec881b9cff95ab6b1f20a72ee8404c4.cloudfront.net (CloudFront), 1.1 5090b605a7b968781de55827dd170bf2.cloudfront.net (CloudFront) |
| Vary | Accept-Encoding |
| X-Cache | Hit from cloudfront |
| Date | Mon, 21 Apr 2025 06:18:26 GMT |
| X-Amzn-Requestid | aec72f93-deeb-418d-9b62-08d70cb4082d |
| Cache-Control | max-age=1800, s-maxage=43200, stale-while-revalidate=86400, stale-if-error=172800 |
| X-Amz-Cf-Pop | SYD3-P2 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Server | nginx |
| X-Frame-Options | SAMEORIGIN |
| X-Amz-Apigw-Id | JXAnBFFdywMEdvg= |
| X-Amzn-Trace-Id | Root=1-6805e15f-34e35c4a239b420f1d847d80;Sampled=1;Lineage=1:c508edde:0 |
| Age | 27934 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar