| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Type | text/html; charset=utf-8 |
| Content-Security-Policy | block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ https://insight.adsrvr.org/ https://match.adsrvr.org https://s.amazon-adsystem.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://ad.doubleclick.net https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://tc2.uber.com https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://*.googleapis.com https://*.gstatic.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://s.yimg.com/wi/config/10001384.json https://s.yimg.com/wi/config/10021978.json https://s.amazon-adsystem.com/ https://ara.paa-reporting-advertising.amazon/aat?pid=c60a8a71-60af-43f5-bfd9-287ba6caf848 https://insight.adsrvr.org/ events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com *.appspaces.ca *.paidshipping.com *.shiptime.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-7e08fc8c-8e6e-4ca0-8762-0f63c437613e' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com 'self' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://ln-rules.rewardstyle.com/bookmarklet.js https://dx.mountain.com/spx https://gs.mountain.com/gs https://px.mountain.com/st https://js.adsrvr.org/up_loader.1.1.0.js https://js.adsrvr.org/universal_pixel.1.1.3.js https://www.clarity.ms/tag/uet/4050272 https://www.clarity.ms/s/ https://b99.yahoo.co.jp/pagead/conversion_async.js https://b98.yahoo.co.jp/pagead/conversion_async.js https://c.amazon-adsystem.com/aat/amzn.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false |
| X-Frame-Options | ALLOW-FROM https://www.nimblerx.com |
| X-Uber-Edge-Cdn-Status | miss |
| X-Uber-Edge | e4-dca51:w:524115075,ufe:production-gcp:compute-0:dca18,gcp:production:default |
| X-Uber-Set-Cookie-V2 | %7B%22dId%22%3A%2287d20ae1-0248-409f-aadb-f16e890eb081%22%2C%22uev2.id.session%22%3A%22c1f85dff-ab6c-48bf-9d5b-73f0d415a5da%22%7D |
| X-Envoy-Upstream-Service-Time | 114 |
| X-Xss-Protection | 1; mode=block |
| Server | ufe |
| Via | 1.1 google |
| Link | <https://postmates.com/>; rel="alternate"; hreflang="en-US" |
| Set-Cookie | uev2.id.xp=532ca432-7569-40ce-b542-9a7561e5cc20; path=/; domain=postmates.com; secure; httponly |
| Strict-Transport-Security | max-age=31536000 |
| Cache-Control | max-age=0 |
| X-Content-Type-Options | nosniff |
| Alt-Svc | h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 |
| Date | Tue, 08 Apr 2025 12:04:32 GMT |
| Vary | Accept-Encoding,User-Agent |
| Server-Timing | rl;dur=90 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar