| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Oneagent-Js-Injection | true |
| X-Ruxit-Js-Agent | true |
| Access-Control-Allow-Origin | * |
| X-Correlation-Id | 38bc262d-b098-490c-8a43-5e8a183e6872 |
| Access-Control-Allow-Credentials | true |
| Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.youtube-nocookie.com *.gstatic.com *.google.com.mx *.optimizely.com *.polariscvc.com *.polarisapi.com *.adsrvr.org *.trustarc.com *.kenect.com bam.nr-data.net *.newrelic.com *.googleapis.com browser-update.org *.visualstudio.com *.windows.net *.msecnd.net *.trkn.us *.bing.com *.connexity.net *.alcmpn.com *.alocdn.com *.addthis.com *.opendns.com *.stickyadstv.com *.cloudflare.com *.polarisapi.com *.ctfassets.net *.youtube.com *.cloudflare.com *.aspnetcdn.com *.windows.net dnsl4xr6unrmf.cloudfront.net *.google.com blob: *.episerver.net *.doubleclick.net *.contentsquare.net screencaptue-cdn.kampyle.com api.offerpop.com screencapture.kampyle.com wyng.io *.cdninstagram.com *.wyng.com *.opticalanalytics.io ajax.googleapis.com cdn.auth0.com *.polaris.com cloudfront.loggly.com fonts.googleapis.com fonts.gstatic.com nebula-cdn.kampyle.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com *.hotjar.com *.hotjar.io udc-neb.kampyle.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.youtube.com servedby.flashtalking.com data: logs-01.loggly.com login.dotomi.com maps.googleapis.com cdn.jsdelivr.net maps.gstatic.com connect.facebook.net www.facebook.com *.buzzsprout.com *.paypalobjects.com cdn.us.zip.co d79i1fxsrar4t.cloudfront.net *.firstdata.com unpkg.com wss://*.hotjar.com cdn.datamanager.arinet.com *.livechatinc.com wss://api.livechatinc.com *.kampyle.com *.curalate.com *.quadpay.com *.quadpay.ca qp-merchant-configs-prd.azureedge.net cdn.ca.zip.co gateway.us.zip.co *.smartystreets.com us-autocomplete.api.smartystreets.com *.bazaarvoice.com *.rlcdn.com *.iesnare.com *.tribalfusion.com *.linkedin.com snap.licdn.com *.azureedge.net *.azurefd.net p.adsymptotic.com img.youtube.com i.ytimg.com use.fontawesome.com *.arinet.com *.cloudfront.net screencapture-cdn.kampyle.com www.paypalobjects.com stats.g.doubleclick.net cdn.livechatinc.com googleads.g.doubleclick.net secure.livechatinc.com static.doubleclick.net bid.g.doubleclick.net cdn.linkedin.oribi.io *.yahoo.com *.openx.net *.google-analytics.com www.google.fr *.typeform.com *.google.fr *.google.es *.google.pt *.google.co.uk *.google.ch *.google.no *.google.fi *.goole.au *.google.co.nz *.google.ie *.google.se *.google.de *.google.at incentivesnetwork.net *.incentivesnetwork.net *.tribalfusion.com incentives-autohook-ppd.usaitechdev.com share.livechat.com *.livechat.com cdn.livechat-static.com pay.google.com prd-cdn.driveautohook.com google.com analytics.tiktok.com s.pinimg.com *.redditstatic.com bit.ly *.privacymanager.io api.rlcdn.com *.reddit.com *.pinterest.com https://*.decibel.com *.decibelinsight.net wss://collection.decibelinsight.net analytics-fe.digital-cloud-us-main.medallia.com *.medallia.com; |
| X-Xss-Protection | 1; mode=block |
| Cf-Ray | 93308e9dab339ffc-AMS |
| Content-Type | text/html; charset=utf-8 |
| Set-Cookie | AWSALB=c1kjsVNI7/Lkq0b85FoDCGSUTuc+E7qqdWz2N+scauNQoQA9uGqGcOl/ZTfZ0a9TdyyB30DVaswDLF+cHautcDwlKzz+a9s+YmGurchIo6pzxx2YvD9BLZu7HQau; Expires=Sun, 27 Apr 2025 00:34:38 GMT; Path=/ |
| Access-Control-Allow-Methods | GET |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Cf-Cache-Status | DYNAMIC |
| Connection | keep-alive |
| Vary | Accept-Encoding |
| Access-Control-Allow-Headers | X-Requested-With, origin, content-type, accept |
| Server-Timing | dtSInfo;desc="0", dtRpid;desc="-1635154547" |
| X-Content-Type-Options | nosniff |
| Server | cloudflare |
| Date | Sun, 20 Apr 2025 00:34:38 GMT |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar