HTTP Headers report for scotrail.co.uk

Header Name	Header Data
HTTP status code	200
Content-Language	en
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Magic-Dynamic-Cache	MISS
Alt-Svc	h3=":443"; ma=86400
Date	Wed, 16 Apr 2025 20:37:07 GMT
Connection	keep-alive
Referrer-Policy	origin-when-cross-origin
X-Xss-Protection	1; mode=block
Cf-Cache-Status	HIT
Server	cloudflare
Cf-Ray	93167a908fa20be3-AMS
Content-Type	text/html; charset=UTF-8
Vary	Cookie,Accept-Encoding
X-Magic-Cache	HIT
Expires	Sun, 19 Nov 1978 05:00:00 GMT
Content-Security-Policy-Report-Only	default-src 'self' https://.scotrail.co.uk/; connect-src 'self' https://.scotrail.co.uk/ https://content.jwplatform.com/ https://assets-jpcust.jwpsrv.com/ https://prd.jwpltx.com/ https://s3.eu-west-2.amazonaws.com/ https://videos-fms.jwpsrv.com/ https://.nr-data.net/ https://bat.bing.com/ https://consentcdn.cookiebot.com/ https://.jwplatform.com/ https://.googlesyndication.com/ https://r1.trackedweb.net/ https://stats.g.doubleclick.net/ https://svc.webspellchecker.net/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://web.facebook.com/ https://videos-cloudflare.jwpsrv.com/ https://www.googletagmanager.com/ https://.hotjar.com/ wss://.hotjar.com/ https://pagead2.googlesyndication.com/pagead/ https://vc.hotjar.io/ https://cdn.jwplayer.com/ https://www.daysoutguide.co.uk/ https://adservice.google.com/ https://maps.googleapis.com/ https://.clarity.ms/ https://region1.analytics.google.com/ https://ib.adnxs.com/pixie/ https://tr.snapchat.com/ https://analytics.tiktok.com/api/v2/ https://static1.r66net.com/adv/ https://cm.teads.tv/v2/ https://tr6.snapchat.com/ https://i.ctnsnet.com/int/ https://analytics.tiktok.com/api/v2/pixel/act https://t.teads.tv/ https://l.sharethis.com/ https://.teads.tv/ https://analytics.tiktok.com/api/v2/pixel/ https://event.zpbt.uk/send/ https://consent.cookiebot.eu/ https://region1.google-analytics.com/g/ https://consentcdn.cookiebot.eu/consentconfig/; font-src 'self' https://.scotrail.co.uk https://svc.webspellchecker.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net; frame-src 'self' https://.scotrail.co.uk https://consentcdn.cookiebot.com https://www.booking.com https://www.google.com https://www.youtube.com https://servedby.flashtalking.com https://vars.hotjar.com https://www.facebook.com https://web.facebook.com https://.realexpayments.com https://content.jwplatform.com/ https://bid.g.doubleclick.net/ https://platform.twitter.com/ https://player.vimeo.com/ https://servedby.flashtalking.com/ https://e.issuu.com https://gateway.zscalerthree.net/ https://videos-fms.jwpsrv.com/ https://gateway.zscloud.net/ https://login.zscloud.net https://m.facebook.com https://gateway.zscalertwo.net/ https://gateway.zscaler.net https://fast.wistia.net/ https://www.booking.com/ https://account.booking.com/ https://secure.booking.com/ https://cdn.jwplayer.com/ https://www.googletagmanager.com/ https://9234252.fls.doubleclick.net/ https://td.doubleclick.net/ https://tr.snapchat.com/ https://consentag.eu/ https://consentcdn.cookiebot.eu/; img-src 'self' data: https://.scotrail.co.uk/ https://content.jwplatform.com/ https://prd.jwpltx.com/ https://s3.eu-west-2.amazonaws.com/ https://assets-jpcust.jwpsrv.com/ https://bat.bing.com/ https://cdn.ckeditor.com/ https://maps.gstatic.com/ https://fonts.googleapis.com/ https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://translate.google.com/ https://www.gstatic.com/ https://content.jwplatform.com/v2/media/ https://www.daysoutguide.co.uk/media/ https://ssl.google-analytics.com/ https://.jwpltx.com/ https://.fls.doubleclick.net/ https://cdn.jwplayer.com/ https://.bing.com https://adservice.google.com/ https://www.facebook.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://.jwplayer.com/ https://ad.doubleclick.net/ https://ad.doubleclick.net https://t.co/1/i/ https://analytics.twitter.com/1/i/ https://t.teads.tv/ https://pixel.quantserve.com/ https://ib.adnxs.com/ https://ks1.invibes.com/Stat/ https://ks1.b26net.com/ https://secure.adnxs.com/ https://imgsct.cookiebot.com/ https://ks1.invibes.com/ https://platform-cdn.sharethis.com/img/ https://b.tile.openstreetmap.org/ https://.tile.openstreetmap.org/ https://ade.googlesyndication.com/ddm/activity/ https://img.sct.eu1.usercentrics.eu/; media-src 'self' https://.scotrail.co.uk/ https://www.youtube.com/ https://.jwpsrv.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.scotrail.co.uk/ https://connect.facebook.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/ https://content.jwplatform.com/players/ https://d3js.org/d3.v5.min.js https://js-agent.newrelic.com/nr-1071.min.js https://maps.googleapis.com/maps/api/ https://s3.eu-west-2.amazonaws.com/aga-javascript/swfobject.js https://ssl.p.jwpcdn.com/player/v/8.20.2/jwplayer.core.controls.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://www.youtube.com/iframe_api/ https://static.cloudflareinsights.com/ https://bam-cell.nr-data.net/ https://www.google-analytics.com/ https://cdn-4.convertexperiments.com/js/ https://static.hotjar.com/ https://script.hotjar.com/ https://static.ads-twitter.com/ https://p.teads.tv/ https://secure.quantserve.com/ https://track.zpbt.uk/ https://bat.bing.com/ https://sc-static.net/ https://static.trackedweb.net/js/ https://k.a14net.com/GetAnalytics https://acdn.adnxs.com/dmp/up/ https://consentag.eu/public/ https://analytics.tiktok.com/i18n/pixel/ https://rules.quantcount.com/ https://tr.snapchat.com/config/ https://static.r66net.net/script_s1/ https://cdn.ctnsnet.com/ase/fetch/scraper/ https://td.yieldify.com/yieldify/ https://buttons-config.sharethis.com/js/ https://consent.cookiebot.eu/ https://consentcdn.cookiebot.eu/consentconfig/ https://cdn.jsdelivr.net platform-api.sharethis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://.scotrail.co.uk/ https://connect.facebook.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/ https://content.jwplatform.com/players/ https://d3js.org/d3.v5.min.js https://js-agent.newrelic.com/nr-1071.min.js https://maps.googleapis.com/maps/api/ https://s3.eu-west-2.amazonaws.com/aga-javascript/swfobject.js https://ssl.p.jwpcdn.com/player/v/8.20.2/jwplayer.core.controls.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://www.youtube.com/iframe_api/ https://static.cloudflareinsights.com/ https://bam-cell.nr-data.net/ https://www.google-analytics.com/ https://cdn-4.convertexperiments.com/js/ https://static.hotjar.com/ https://script.hotjar.com/ https://static.ads-twitter.com/ https://p.teads.tv/ https://secure.quantserve.com/ https://track.zpbt.uk/ https://bat.bing.com/ https://sc-static.net/ https://static.trackedweb.net/js/ https://k.a14net.com/GetAnalytics https://acdn.adnxs.com/dmp/up/ https://consentag.eu/public/ https://analytics.tiktok.com/i18n/pixel/ https://rules.quantcount.com/ https://tr.snapchat.com/config/ https://static.r66net.net/script_s1/ https://cdn.ctnsnet.com/ase/fetch/scraper/ https://td.yieldify.com/yieldify/ https://buttons-config.sharethis.com/js/ https://consent.cookiebot.eu/ https://consentcdn.cookiebot.eu/consentconfig/ https://cdn.jsdelivr.net platform-api.sharethis.com; style-src 'self' 'report-sample' 'unsafe-inline' https://.scotrail.co.uk/ https://cdn.ckeditor.com/ https://svc.webspellchecker.net/ https://translate.googleapis.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/releases/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net; base-uri 'self' https://.scotrail.co.uk; report-uri https://altcom.report-uri.com/r/d/csp/wizard
X-Content-Type-Options	nosniff
Last-Modified	Wed, 16 Apr 2025 13:20:01 GMT
Age	967
Cache-Control	max-age=21600, public

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar