| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Permissions-Policy | accelerometer=(), camera=(), gyroscope=(), magnetometer=(), microphone=(), payment=() |
| X-Nextjs-Cache | HIT |
| X-Powered-By | Next.js |
| Date | Sat, 19 Apr 2025 01:29:52 GMT |
| Cache-Control | s-maxage=5, stale-while-revalidate |
| Strict-Transport-Security | max-age=31536000 |
| Request-Context | appId=cid-v1: |
| Cross-Origin-Resource-Policy | cross-origin |
| Cf-Cache-Status | DYNAMIC |
| Server | cloudflare |
| Cf-Ray | 9328a225888f7aa7-AMS |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SameOrigin |
| Content-Type | text/html; charset=utf-8 |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Permitted-Cross-Domain-Policies | none |
| Cross-Origin-Opener-Policy | same-origin |
| Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.royalnavy.mod.uk www.bing.com bat.bing.com cn.bing.com ssl.google-analytics.com www.google-analytics.com cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com www.googleadservices.com www.gstatic.com static.ads-twitter.com npmcdn.com rum-static.pingdom.net c5.adalyser.com c3.adalyser.com static.hotjar.com script.hotjar.com connect.facebook.net analytics.twitter.com dev.virtualearth.net googleads.g.doubleclick.net insights.hotjar.com rules.quantcount.com s.ytimg.com secure.adnxs.com secure.quantserve.com static.doubleclick.net *.virtualearth.net tracking.adalyser.com www.google.co.uk www.google.com www.youtube.com js-agent.newrelic.com bam.nr-data.net tagmanager.google.com cdn.cookielaw.org optanon.blob.core.windows.net sc-static.net twitter.com optimize.google.com code.jquery.com geolocation.onetrust.com js.adsrvr.org p.teads.tv acdn.adnxs.com rafd.bing.com s.pinimg.com snap.licdn.com iframely.shorthand.com r.bing.com livechat-static-de-uk1.niceincontact.com web-modules-de-uk1.niceincontact.com tr.snapchat.com *.figpii.com www.redditstatic.com ct.pinterest.com cc.cdn.civiccomputing.com;object-src 'self';style-src 'self' 'unsafe-inline' cloud.typography.com www.royalnavy.mod.uk ajax.googleapis.com fonts.googleapis.com www.bing.com cn.bing.com www.youtube.com tagmanager.google.com cdn.cookielaw.org optanon.blob.core.windows.net optimize.google.com rafd.bing.com r.bing.com livechat-static-de-uk1.niceincontact.com web-modules-de-uk1.niceincontact.com *.figpii.com www.googletagmanager.com;img-src 'self' data: *;media-src 'self' *.royalnavy.mod.uk rn-ai-assistant-videos.s3.eu-west-2.amazonaws.com livechat-static-de-uk1.niceincontact.com web-modules-de-uk1.niceincontact.com;frame-src 'self' *.youtube.com *.facebook.com vars.hotjar.com www.bing.com bid.g.doubleclick.net 1184382.fls.doubleclick.net 2673654.fls.doubleclick.net www.googletagmanager.com www.google.com connect.facebook.net 8305528.fls.doubleclick.net 5832330.fls.doubleclick.net 8483884.fls.doubleclick.net tr.snapchat.com www.youtube-nocookie.com optimize.google.com insight.adsrvr.org d1eoo1tco6rr5e.cloudfront.net match.adsrvr.org rn-livestream.uat.finervision.com rn-virtual-events.com iframely.shorthand.com www.pinterest.com www.pinterest.co.uk ct.pinterest.com td.doubleclick.net fledge.teads.tv p.teads.tv livechat-static-de-uk1.niceincontact.com web-modules-de-uk1.niceincontact.com;font-src 'self' data: *.royalnavy.mod.uk fonts.gstatic.com livechat-static-de-uk1.niceincontact.com web-modules-de-uk1.niceincontact.com;connect-src 'self' *.royalnavy.mod.uk navysc.dev.local navy2sc.dev.local cdn.cookielaw.org tracking.adalyser.com c3.adalyser.com *.hotjar.com *.virtualearth.net www.bing.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com wss://*.hotjar.com rum-collector-2.pingdom.net ssl.google-analytics.com tiles.virtualearth.net www.google.co.uk www.google.com vc.hotjar.io adservice.google.com ct.pinterest.com tr.snapchat.com channels-de-uk1.niceincontact.com wss://chat-gateway-de-uk1.niceincontact.com region1.google-analytics.com cdn.linkedin.oribi.io app-de-uk1.niceincontact.com www.googletagmanager.com metrics.hotjar.io cm.teads.tv t.teads.tv px.ads.linkedin.com tr6.snapchat.com *.figpii.com googleads.g.doubleclick.net www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com wss://chat-gw-de-uk1.niceincontact.com apikeys.civiccomputing.com fonts.gstatic.com location-de-uk1.niceincontact.com;frame-ancestors 'self';report-uri https://cd.royalnavy.mod.uk/api/csp/submit; |
| Connection | keep-alive |
| Vary | Accept-Encoding |
| X-Xss-Protection | 1; mode=block |
| Cross-Origin-Embedder-Policy | unsafe-none |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar