| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Cf-Cache-Status | DYNAMIC |
| Age | 15970 |
| X-Platform-Server | i-004c2a9b9a8cf70ba |
| Server | cloudflare |
| Alt-Svc | h3=":443"; ma=86400 |
| Expires | Fri, 18 Apr 2025 21:40:16 GMT |
| Pragma | cache |
| Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=eEwyvvfzxO58jCBmWCDVb8amwa.olNYTJvyLSnhTQrk-1744941987-1.0.1.1-ypvrtkSfZtS.VDp8u0LXRfSbbz_c62DJXSOBAL0Qs3YkqQ30L0_82VhdTV33xxeJRI7oAnNofOFG_6BRv3dKSrQJsHHvrktSjSkae4cgNAUVdVnP59JA.tKBzb75jFOJ5V5I5bjSA1QTwS8NR1TZZ8fxYzbZYqz_3wrYkDV1PoHbG8J1xhbQa8ruvnR_lbKYoK89QvbSvxJZ_cg58pJ4HQ"}],"group":"cf-ylspjulxwmscnogg","max_age":86400} |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Strict-Transport-Security | max-age=31557600 |
| X-Frame-Options | SAMEORIGIN |
| Content-Type | text/html; charset=UTF-8 |
| X-Built-With | Hyva Themes |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| Content-Security-Policy | base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src http: https: blob: 'self' 'unsafe-inline'; connect-src *.rapidspike.com www.cloudflare.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net dpm.demdex.net api.magento.com commerce.adobe.io performance.typekit.net commerce.adobe.net amcglobal.sc.omtrdc.net google.com us-central1-adaptive-growth.cloudfunctions.net app-measurement.com doubleclickbygoogle.com doubleclick.com doubleclick.net googleadservices.com googlesyndication-cn.com googlesyndication.com googletagservices.com *.google.co.uk *.google.fr *.google.de *.google.es *.google.it *.google.nl *.google.be *.google.pl *.google.se *.google.ie *.google.dk *.google.pt *.google.gr *.google.fi *.google.cz *.google.hu *.google.at *.google.ro *.google.sk *.google.si *.google.bg *.google.hr *.google.lt *.google.lv *.google.ee *.google.mt *.google.cy *.google.lu *.google.us *.google.com.au *.google.ca *.google.com.pr *.google.com.mx *.google.co.cr www.recaptcha.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.stripe.network brilliantcollector.com *.brilliantcollector.com *.newrelic.com *.nr-data.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.clarity.ms bat.bing.com api.crobox.com cdn.crobox.io static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com static-tracking.klaviyo.com telemetrics.klaviyo.com kustomerapp.com *.kustomerapp.com knowledge-base.osprey.com locally.com *.locally.com api.addressy.com ekr.zdassets.com parcellab.com *.parcellab.com ct.pinterest.com pinterest.com *.pixriot.com *.storeimaging.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaltura.com *.criteo.com conversions-config.reddit.com rapid-cdn.yottaa.com *.yottaa.net *.impactcdn.com osprey.pxf.io *.tiktok.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.trustarc.com cdn.jsdelivr.net insights.algolia.io *.sheerid.com mpsnare.iesnare.com *.pndsn.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com; font-src use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustarc.com cdn.crobox.io *.klaviyo.com kustomerapp.com *.kustomerapp.com knowledge-base.osprey.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com download-video.akamaized.net *.osprey.com blob: data: 'self' 'unsafe-inline' *.vimeocdn.com; object-src 'self' 'unsafe-inline'; style-src *.adobe.com *.klaviyo.com parcellab.com *.parcellab.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' osprey.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=eEwyvvfzxO58jCBmWCDVb8amwa.olNYTJvyLSnhTQrk-1744941987-1.0.1.1-ypvrtkSfZtS.VDp8u0LXRfSbbz_c62DJXSOBAL0Qs3YkqQ30L0_82VhdTV33xxeJRI7oAnNofOFG_6BRv3dKSrQJsHHvrktSjSkae4cgNAUVdVnP59JA.tKBzb75jFOJ5V5I5bjSA1QTwS8NR1TZZ8fxYzbZYqz_3wrYkDV1PoHbG8J1xhbQa8ruvnR_lbKYoK89QvbSvxJZ_cg58pJ4HQ; report-to cf-ylspjulxwmscnogg |
| X-Cache | MISS, HIT, HIT |
| X-Content-Type-Options | nosniff |
| X-Served-By | cache-iad-kcgs7200170-IAD, cache-iad-kcgs7200077-IAD, cache-rtm-ehrd2290055-RTM |
| Date | Fri, 18 Apr 2025 02:06:27 GMT |
| Connection | keep-alive |
| Cf-Ray | 93209a5fcda3b8b4-AMS |
| X-Timer | S1744926016.705003,VS0,VE2653 |
| X-Xss-Protection | 1; mode=block |
| Traceresponse | 00-183738f75d86a78998018be8e514ed47-583e8d4efe0312d5-01 |
| X-Cache-Hits | 0, 12, 0 |
| X-Esi | 1 |
| Vary | Accept-Encoding,Cookie |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar