HTTP Headers report for runnersworld.com

Header Name	Header Data
HTTP status code	200
Strict-Transport-Security	max-age=31557600; includeSubDomains
Cache-Control	max-age=0, must-revalidate, no-store, private
Connection	keep-alive
Content-Security-Policy	upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none';
Link	<https://hips.hearstapps.com>; rel=preconnect,<https://cdn.cookielaw.org>; rel=preconnect
Referrer-Policy	no-referrer-when-downgrade
Age	603
Etag	"7lq25pbx88bfvh"
Accept-Ranges	bytes
Set-Cookie	mosb=; expires=Sat, 13 Apr 2024 21:25:56 GMT; secure; path=/;
Expires	Sun, 13 Apr 2025 21:15:51 GMT
Date	Sun, 13 Apr 2025 21:25:56 GMT
Server-Timing	time-start-msec;dur=1744579556860,time-elapsed;dur=1,fastly-pop;desc=AMS,hit-state;desc=HIT-STALE-CLUSTER
X-Cache	HIT, HIT
X-Country	NL
Alt-Svc	h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Content-Type	text/html; charset=utf-8
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block
X-Robots-Tag	all

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar