| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Connection | keep-alive |
| Last-Modified | Thu, 03 Apr 2025 07:08:19 GMT |
| Vary | Accept-Encoding |
| X-Amz-Cf-Pop | CMH68-P1 |
| X-Xss-Protection | 1 |
| Expires | -1 |
| Content-Security-Policy | base-uri 'self' 'unsafe-inline'; child-src https: blob: 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com *.yotpo.com *.signifyd.com bam.nr-data.net *.google.com *.facebook.com 'self' 'unsafe-inline' www.instagram.com *.clarity.ms api.mapbox.com bat.bing.com google.com region1.google-analytics.com uscs31v2.ksearchnet.com maps.googleapis.com *.klevu.com *.klaviyo.com ct.pinterest.com wss://input.noibu.com *.noibu.com pz6r7p3h6u.us-west-2.awsapprunner.com *.criteo.com www.paypal.com *.doubleclick.net adserver.cluep.com *.flippenterprise.net cdn-gateflipp.flippback.com p.flipp.com payments.braintree-api.com *.braintreegateway.com js.braintreegateway.com; font-src data: *.yotpo.com fonts.gstatic.com static.formstack.com 'self' www.runnings.com static.klaviyo.com *.walmartimages.com *.amazonaws.com; frame-ancestors 'self' www.runnings.com; img-src www.runnings.com data: p.yotpo.com media.sezzle.com 'self' www.facebook.com www.paypalobjects.com maps.googleapis.com *.flippenterprise.net *.wishabi.net www.google-analytics.com www.googletagmanager.com *.cloudfront.net *.quantcount.com *.quantserve.com *.doubleclick.net *.criteo.com *.simpli.fi um.simpli.fi id5-sync.com rtb-csync.smartadserver.com contextual.media.net 'unsafe-inline' bat.bing.com www.google.com *.yotpo.com *.youtube.com *.googleapis.com www.google.com.ua www.instagram.com cfvod.kaltura.com www.googleadservices.com connect.facebook.net *.signifyd.com *.hotjar.com store.paradoxlabs.com c.clarity.ms res.cloudinary.com tools.applemediaservices.com *.googleusercontent.com www.google.ca www.google.co.uk insight.adsrvr.org *.adroll.com d.adroll.com blob: www.p65warnings.ca.gov x.bidswitch.net ib.adnxs.com *.casalemedia.com ad.360yield.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com sync-t1.taboola.com criteo-sync.teads.tv criteo-partners.tremorhub.com aa.agkn.com dpm.demdex.net sync.targeting.unrulymedia.com sync.1rx.io ad.yieldlab.net eb2.3lift.com public-prod-dspcookiematching.dmxleo.com adserver.cluep.com *.wishabi.com; media-src 'self' data: 'unsafe-inline' res.cloudinary.com www.runnings.com; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.runnings.com *.cloudmaestro.com *.googleapis.com *.google-analytics.com *.vaimo.net *.cloudfront.net *.google.com www.gstatic.com *.yotpo.com fonts.gstatic.com staticw2.yotpo.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.gstatic.com js.adsrvr.org cdn.noibu.com s.pinimg.com connect.facebook.net docs.paymentjs.firstdata.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com *.googletagmanager.com *.secure.quantserve.com secure.quantserve.com *.duosecurity.com *.klevu.com blob: www.paypalobjects.com assets.adobedtm.com ct.pinterest.com www.paypal.com *.klaviyo.com *.quantcount.com *.quantserve.com *.doubleclick.net *.criteo.com *.simpli.fi www.googleadservices.com cdnapisec.kaltura.com 'unsafe-hashes' *.curtmfg.com *.hotjar.com bam-cell.nr-data.net maps.googleapis.com static.hotjar.com www.google-analytics.com www.google.com polyfill.io *.igodigital.com bat.bing.com mpsnare.iesnare.com www.clarity.ms www.youtube.com secure.adnxs.com *.algolianet.com cdn.jsdelivr.net *.newrelic.com 7228630.collect.igodigital.com/collect.js www.instagram.com data: cdn-widgetsrepository.yotpo.com www.googletagmanager.com js-agent.newrelic.com s.adroll.com *.adroll.com *.mountain.com *.clarity.ms *.sharethis.com region1.google-analytics.com adserver.cluep.com js.braintreegateway.com; upgrade-insecure-requests; worker-src www.runnings.com blob: 'self'; report-uri /.webscale/csp-report |
| Etag | W/"b29e7e4ff5f9580bccc465d5801623ae-gzip" |
| X-Magento-Cache-Debug | HIT |
| Pragma | no-cache |
| Date | Tue, 08 Apr 2025 10:33:00 GMT |
| X-Amz-Cf-Id | Pz2uYx83_bNAMxXeF5vVWuoYU1PNzZRlAx4yXFQEJMC8xdP3BP66-w== |
| X-Cache | RefreshHit from cloudfront |
| Via | 1.1 926b5281e2124486e0c9dadab33d1b9c.cloudfront.net (CloudFront), 1.1 varnish-6d8d85465d-r4bvp (Varnish/7.2) |
| Grace | none |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Content-Type | text/html |
| Report-To | {"group":"webscaleCspEndpoint","max-age":10886400,"endpoints":[{"url":"https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor"}]} |
| Strict-Transport-Security | max-age=31557600 |
| X-Content-Type-Options | nosniff |
| Accept-Ranges | bytes |
| Section-Io-Tag | Hit |
| Section-Io-Id | 4077724b2467b25b46892e1f22dac476 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar