| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Frame-Options | DENY |
| Document-Policy | js-profiling |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tyviso.com t.contentsquare.net app.contentsquare.com widget.trustpilot.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.ttwstatic.com *.tiktok.com *.instagram.com *.googleapis.com *.google.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.googleadservices.com https://*.googlesyndication.com googleads.g.doubleclick.net analytics.google.com tagmanager.google.com *.dwin1.com bat.bing.com *.smct.co *.smct.io smct.co connect.facebook.net *.clarity.ms *.sail-horizon.com api.sail-personalize.com *.algolianet.com *.nickelled.com *.contentsquare.net challenges.cloudflare.com *.boldchat.com static.cloudflareinsights.com snap.licdn.com *.lambda-url.eu-west2.on.aws *.abtasty.com *.dwin1.com *.awin1.com *.zenaps.com *.netgreencolumn.com *.sciencebehindecommerce.com https://unpkg.com *.talkdeskapp.com *.talkdeskapp.eu app.termly.io lantern.roeyecdn.com *.creativecdn.com *.adscdn.com analytics.tiktok.com blob:; media-src 'self' data: videos.ctfassets.net; img-src 'self' data: www.parcel2go.com *.test.p2g.ninja *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.google-analytics.com *.googleoptimize.com *.google.co.uk *.google.ie *.netgreencolumn.com *.googletagmanager.com googleads.g.doubleclick.net fonts.gstatic.com c.contentsquare.net bat.bing.com *.facebook.com content.parcelsolutions.net images.ctfassets.net assets.ctfassets.net *.contentsquare.net *.doubleclick.net *.smct.co *.smct.io px.ads.linkedin.com *.linkedin.com *.clarity.ms *.bing.com *.ytimg.com *.abtasty.com *.awin1.com *.zenaps.com *.talkdeskdev.com *.talkdeskapp.com lantern.roeye.com *.googleadservices.com media.sailthru.com *.creativecdn.com ib.adnxs.com rt.udmserve.net data:; font-src 'self' https: data: fonts.gstatic.com *.abtasty.com; child-src 'self' blob:; frame-src 'self' *.parcel2go.com *.test.p2g.ninja pagead2.googlesyndication.com *.google.com *.facebook.com *.smct.co *.smct.io *.cloudfront.net *.youtube.com *.tiktok.com *.instagram.com widget.trustpilot.com td.doubleclick.net *.doubleclick.net *.awin1.com *.zenaps.com app.termly.io *.creativecdn.com *.abtasty.com *.talkdeskapp.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.googleoptimize.com tagmanager.google.com *.abtasty.com; worker-src 'self' blob: *.parcel2go.com; connect-src 'self' *.parcel2go.com *.test.p2g.ninja *.serverless.p2g.systems *.tiktok.com apps.backoffice.parcel2go.com *.googleapis.com *.netgreencolumn.com *.google.com *.gstatic.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net ampcid.google.com ampcid.google.ie insights.algolia.io *.parcelsolutions.net *.contentsquare.net *.ingest.sentry.io pagead2.googlesyndication.com api.sail-personalize.com *.smct.io *.smct.co *.clarity.ms cognito-identity.eu-west-1.amazonaws.com *.linkedin.oribi.io firehose.eu-west-1.amazonaws.com *.abtasty.com *.sciencebehindecommerce.com *.wepowerconnections.com *.talkdeskdev.com *.talkdeskapp.com app.termly.io googleads.g.doubleclick.net overlay-track.sailthru.cloud api.sail-track.com *.creativecdn.com www.google.ie bat.bing.com data: blob: *.talkdeskapp.eu analytics.tiktok.com; frame-ancestors app.contentful.com; |
| Via | 1.1 403878b7454f6fe706d117ca3ebbd716.cloudfront.net (CloudFront) |
| X-Content-Type-Options | nosniff |
| Connection | keep-alive |
| Alt-Svc | h3=":443"; ma=86400 |
| Referrer-Policy | strict-origin-when-cross-origin |
| Cf-Ray | 92bc6cb55bc2660a-AMS |
| Cache-Control | public, max-age=90, s-maxage=300, stale-while-revalidate=90, stale-if-error=300 |
| Cross-Origin-Opener-Policy | same-origin |
| Etag | W/"MTMwXzE0MTkzOTA2MDE0XzIwMjUtMDMtMzFUMTY6MjQ6MDkuMTU3Wg==" |
| X-Cache | Hit from cloudfront |
| Date | Sat, 05 Apr 2025 22:19:01 GMT |
| X-Amzn-Requestid | 12fc93f2-2ac4-4d93-94f2-a81109371eec |
| X-Amzn-Remapped-Content-Length | 622110 |
| Vary | Accept-Encoding |
| X-Amz-Cf-Pop | LHR50-P6 |
| Cf-Cache-Status | HIT |
| Age | 207 |
| Strict-Transport-Security | max-age=15552000; includeSubDomains |
| Content-Type | text/html; charset=utf-8 |
| X-Amz-Cf-Id | db8Nceg3zCglDcVBKjfNs8glIoJ-OAjFkVpOe7gZcwFxwMKgbT-xEQ== |
| X-Xss-Protection | 1 |
| Permissions-Policy | accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(self), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(self), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=() |
| Server | cloudflare |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar