| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Date | Fri, 11 Apr 2025 20:23:12 GMT |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
| X-Middleton-Display | orig_site_sol |
| X-Powered-By | Express |
| Etag | W/"274e8-1PdBI9MiLmxyIwI/gBvvpH66wXw" |
| Expires | Thu, 10 Apr 2025 20:23:12 GMT |
| Pagespeed | off |
| Server | nginx |
| X-Ez-Proxy-Out | true 2.4 |
| Cache-Control | private, max-age=0, must-revalidate, no-cache, no-store |
| Response | 200 |
| Vary | Accept-Encoding |
| X-Middleton-Response | 200 |
| X-Sol | orig |
| Content-Security-Policy | script-src 'unsafe-inline' 'unsafe-eval' blob: *.preloved.co.uk *.thcdn.com *.cookielaw.org *.b-cdn.net *.affiliatefuture.com *.cloudfront.net *.sharethru.com *.media.net *.adventori.com *.amazon-adsystem.com onetag-sys.com *.omnitagjs.com *.zencdn.net *.2mdn.net *.33across.com *.openxcdn.net *.crwdcntrl.net *.sharethrough.com *.zenaps.com *.rokt.com *.googleadservices.com *.doubleverify.com *.doubleclick.net *.gstatic.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.co.uk *.dwin1.com *.realvu.net *.contentsquare.net *.facebook.net *.googletagmanager.com *.googletagservices.com *.ampproject.org *.cheqzone.com *.roeyecdn.com *.cpx.to *.jquery.com *.twitter.com *.googleapis.com *.scorecardresearch.com *.hotjar.com *.amazonaws.com *.gatekeeperconsent.com *.ezojs.com *.ezodn.com *.ezoic.net *.quantserve.com *.quantcount.com *.pubmatic.com *.4dex.io *.criteo.net *.script.ac *.openx.net btloader.com *.privacymanager.io *.fastclick.net *.hadronid.net *.id5-sync.com *.ad.gt *.adsafeprotected.com *.sascdn.com *.s-onetag.com *.moatads.com *.mookie1.com *.attentionxyz.com *.defybrick.com *.aniview.com *.plista.com *.attentionxyz.com *.adrta.com *.attentionxyz.com *.smilewanted.com *.flashtalking.com *.truste.com *.smartadserver.com *.adform.net *.fwmrm.net *.attentionxyz.com *.smadex.com *.revjet.com *.rubiconproject.com *.tyviso.com *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.vidazoo.com *.geoedge.be *.serving-sys.com *.pghub.io *.media-amazon.com *.ad-score.com *.switchadhub.com *.uidapi.com *.browsiprod.com *.adtrafficquality.google *.creativecdn.com *.dotomi.com *.rqtrk.eu *.3lift.com *.adroll.com adrta.com *.trustarc.com; style-src 'unsafe-inline' 'report-sample' *.preloved.co.uk *.thcdn.com *.googleapis.com *.quantcount.com *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.flashtalking.com *.media-amazon.com; img-src data: *.preloved.co.uk *.thcdn.com *.thcdn.com *.preloved.co.uk id5-sync.com *.mookie1.com *.360yield.com *.unrulymedia.com *.smaato.net *.sitescout.com *.akamaihd.net *.criteo.net *.humix.com *.openx.net *.1rx.io *.dotomi.com *.2mdn.net onetag-sys.com *.a-mo.net *.bidswitch.net creativecdn.com *.teads.tv *.taboola.com *.admanmedia.com *.amazon-adsystem.com *.bidr.io *.stickyadstv.com *.everesttech.net *.googletagmanager.com *.org.uk *.bing.com *.to *.heycar.co.uk *.thehut.net *.justpark.com *.cloudfront.net *.trustpilot.com *.google-analytics.com *.rubiconproject.com *.adnxs.com *.pubmatic.com *.adsensecustomsearchads.com *.facebook.com *.googlesyndication.com *.zenaps.com *.amazonaws.com *.blob.core.windows.net *.google.com *.google.co.uk *.roeye.com *.awin1.com *.cheqzone.com *.g.doubleclick.net *.doubleclick.net t.co *.scorecardresearch.com *.googleadservices.com *.ethicalpets.co.uk *.dogstrust.org.uk *.quantserve.com *.quantcount.com *.ezodn.com *.smartadserver.com *.media.net *.criteo.com *.adsrvr.org bttrack.com *.sharethrough.com *.adform.net ad-delivery.net *.ad.gt *.contextweb.com *.casalemedia.com *.sonobi.com *.omnitagjs.com *.seedtag.com *.ivitrack.com *.lporirxe.com *.demdex.net *.liadm.com *.yahoo.net *.admixer.net *.agkn.com *.gumgum.com *.lijit.com *.audrte.com *.yahoo.com *.semasio.net *.quantserve.com *.rfihub.com *.tapad.com *.justpremium.com *.defybrick.com *.aniview.com *.doubleverify.com *.moatads.com *.sportradarserving.com *.quantserve.com *.adsafeprotected.com *.turn.com *.quantserve.com *.blismedia.com *.smilewanted.com *.rlcdn.com *.ymmobi.com *.adotmob.com *.colossusssp.com *.storygize.net *.rezync.com *.33across.com *.company-target.com *.quantserve.com *.emxdgt.com *.metadsp.co.uk *.sojern.com *.zprk.io *.arrivalist.com *.zemanta.com *.smadex.com *.syndicatedsearch.goog syndicatedsearch.goog *.adkernel.com *.adition.com *.iqm.com *.presage.io *.google.ca *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.w55c.net *.stackadapt.com *.disqus.com *.avct.cloud *.travelaudience.com *.flashtalking.com *.media-amazon.com *.facebook.net *.adtrafficquality.google *.harveylongsons.com *.cookielaw.org *.3lift.com *.indexww.com *.inmobi.com *.loopme.me *.opera.com *.rqtrk.eu *.outbrain.com *.trustarc.com *.adroll.com *.sharethis.com; font-src data: *.preloved.co.uk *.thcdn.com *.gstatic.com *.amazonaws.com *.cloudflare.com *.media-amazon.com *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.flashtalking.com; connect-src data: *.preloved.co.uk *.thcdn.com *.thehut.net *.media.net *.amazon.dev *.smartadserver.com *.wepowerconnections.com *.openx.net *.yieldmo.com *.amazon-adsystem.com *.doubleverify.com *.adnxs.com *.adsrvr.org *.googlesyndication.com *.google-analytics.com cdn.cookielaw.org *.cpx.to *.gstatic.com *.doubleclick.net *.onetrust.com *.amazonaws.com *.gatekeeperconsent.com *.ezojs.com *.ezodn.com *.ezoic.net *.quantserve.com *.quantcount.com *.criteo.com *.rubiconproject.com *.a-mo.net *.a-mx.com *.smilewanted.com onetag-sys.com *.omnitagjs.com *.yahoo.com *.ad.gt id5-sync.com *.ltmsphrcl.net *.crwdcntrl.net *.sharethrough.com *.jsdelivr.net *.pubmatic.com *.4dex.io *.criteo.net *.eu-1-id5-sync.com *.33across.com btloader.com *.btloader.com *.privacymanager.io *.dotomi.com *.a2z.com *.intentiq.com *.lijit.com *.google.com *.s-onetag.com *.aniview.com *.sharethru.com *.amazon.com *.moatads.com *.px-cloud.net *.clean.gg *.id5-sync.com *.rlcdn.com *.smaato.net *.contextweb.com *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.ampproject.org *.casalemedia.com *.ezoic.com *.flashtalking.com *.media-amazon.com *.ad-score.com *.unrulymedia.com *.adtrafficquality.google *.browsiprod.com *.ingage.tech *.rtbhouse.com *.onetag-sys.com *.googleadservices.com *.googletagservices.com *.cootlogix.com *.euid.eu *.3lift.com *.sonobi.com; media-src data: blob: *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.2mdn.net *.flashtalking.com *.media-amazon.com *.criteo.net *.adform.net *.innovid.com *.adnxs-simple.com *.sharethis.com; object-src 'none'; frame-src data: *.preloved.co.uk *.adkernel.com *.disqus.com *.unrulymedia.com *.youtube.com *.doubleclick.net *.googleapis.com *.media.net *.smartadserver.com *.ad.gt *.googlesyndication.com syndicatedsearch.goog *.google.com *.googleadservices.com *.adsensecustomsearchads.com *.doubleclick.net *.yoti.com *.amazonaws.com *.amazon-adsystem.com *.cloudfront.net *.ezodn.com *.rubiconproject.com onetag-sys.com *.a-mo.net *.a-mx.com *.smilewanted.com *.omnitagjs.com *.criteo.com *.adnxs.com *.openx.net *.e-planning.net *.casalemedia.com *.pubmatic.com *.yieldmo.com *.2mdn.net *.lijit.com *.crcldu.com *.loopme.me *.crcldu.com *.vidoomy.com *.stickyadstv.com *.admanmedia.com *.disgus.com *.admixer.net *.1rx.io *.gamoshi.io *.aniview.com *.crcldu.com *.adgrx.com *.33across.com *.sascdn.com *.fwmrm.net *.bidr.io *.googleadservices.com *.contextweb.com *.humix.com *.ezodn.com *.ezoic.net *.ezojs.com *.ezoic.com *.zemanta.com *.adsrvr.org *.flashtalking.com *.media-amazon.com crclcdu.com *.paa-reporting-advertising.amazon *.indexww.com *.googletagmanager.com *.adtrafficquality.google *.3lift.com *.cootlogix.com; form-action 'self' *.preloved.co.uk checkout.preloved.co.uk; upgrade-insecure-requests; base-uri *.preloved.co.uk; report-uri https://www.preloved.co.uk/t/csp-report |
| Content-Type | text/html; charset=utf-8 |
| Display | orig_site_sol |
| X-Ezoic-Cdn | Bypass |
| X-Frame-Options | SAMEORIGIN |
| X-Via | gb1-li-plweb-006.io.thehut.local http |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar