| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Cache-Hits | 0, 6, 1 |
| X-Xss-Protection | 1; mode=block |
| Connection | keep-alive |
| Strict-Transport-Security | max-age=31557600 |
| X-Cache | MISS, HIT, HIT |
| Content-Type | text/html; charset=UTF-8 |
| Cf-Cache-Status | DYNAMIC |
| Expires | Tue, 08 Apr 2025 13:51:32 GMT |
| X-Timer | S1744033891.455605,VS0,VE2265 |
| Date | Mon, 07 Apr 2025 20:01:38 GMT |
| Age | 22205 |
| Vary | Accept-Encoding,Cookie |
| X-Frame-Options | SAMEORIGIN |
| Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=SIrcE2XCBOyB1fqxVEyOqje1D_Sl2e1CTtz2zObbQi4-1744056098-1.0.1.1-OaojLSCxna_MhVQC_zENgaXJhN9maJIXg8NYedO3CmPa9sHYGnoIAXgvD53EPGeWFzcFhAx1ggI4TMmo8Y.YZZL.DM_crRvRf5N5CwT2aqD6R3XKB2f58F7SmfKFyK_KE5g4X9aAuTvwBAJo7uQjmT_J8L5MEf46Nix81A6vqLt89u.UCmKeS_yOXamSUVS7Wt41n1m6Xw1G17HM0hlnYw"}],"group":"cf-lnamqnnzdgxbhper","max_age":86400} |
| X-Content-Type-Options | nosniff |
| X-Esi | 1 |
| X-Platform-Server | i-0ec55145e3d5f3f7e |
| X-Served-By | cache-iad-kjyo7100033-IAD, cache-iad-kjyo7100033-IAD, cache-rtm-ehrd2290029-RTM |
| Content-Security-Policy | base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com cdn.crobox.io api.crobox.com *.vimeo.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com cdn.crobox.io api.crobox.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline' *.vimeo.com; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com cdn.crobox.io api.crobox.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=SIrcE2XCBOyB1fqxVEyOqje1D_Sl2e1CTtz2zObbQi4-1744056098-1.0.1.1-OaojLSCxna_MhVQC_zENgaXJhN9maJIXg8NYedO3CmPa9sHYGnoIAXgvD53EPGeWFzcFhAx1ggI4TMmo8Y.YZZL.DM_crRvRf5N5CwT2aqD6R3XKB2f58F7SmfKFyK_KE5g4X9aAuTvwBAJo7uQjmT_J8L5MEf46Nix81A6vqLt89u.UCmKeS_yOXamSUVS7Wt41n1m6Xw1G17HM0hlnYw; report-to cf-lnamqnnzdgxbhper |
| Alt-Svc | h3=":443"; ma=86400 |
| Cf-Ray | 92cc1e36fb4e8e3f-AMS |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| X-Built-With | Hyva Themes |
| Pragma | cache |
| Traceresponse | 00-18340d95808d60f77b6d17c66a9240b3-ee1f67394f90851f-01 |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| Server | cloudflare |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar