Header Name | Header Data |
---|---|
HTTP status code | 200 |
Content-Security-Policy | default-src 'self' *.sfstandard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfstandard.com iframely.shorthand.com sfs-shorthand-archive.s3.us-west-1.amazonaws.com platform.twitter.com cdn.ampproject.org www.instagram.com www.tiktok.com citizen.com www.gofundme.com embed.typeform.com embed.reddit.com pym.nprapps.org static.dwcdn.net platform.instagram.com *.ttwstatic.com analytics.shorthand.com www.youtube.com vimeo.com *.vimeo.com d3js.org cdn.parsely.com dash.parsely.com ak.sail-horizon.com www.googletagmanager.com *.google-analytics.com static.ads-twitter.com connect.facebook.net static.hotjar.com tru.am *.googlesyndication.com *.googleadservices.com script.hotjar.com www.google.com www.gstatic.com *.fillout.com tiktokcdn-us.com tiktokcdn.com *.tiktokcdn-us.com *.tiktokcdn.com opinionstage.com *.opinionstage.com documentcloud.org *.documentcloud.org *.p-n.io ketchcdn.com *.ketchcdn.com ketchjs.com *.ketchjs.com *.trackjs.com coral.sfstandard.app *.elfsight.com *.googleapis.com *.amplitude.com stripe.com *.stripe.com googleads.g.doubleclick.net public.flourish.studio *.chartbeat.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sfstandard.com iframely.shorthand.com sfs-shorthand-archive.s3.us-west-1.amazonaws.com platform.twitter.com cdn.ampproject.org www.instagram.com www.tiktok.com citizen.com www.gofundme.com embed.typeform.com embed.reddit.com pym.nprapps.org static.dwcdn.net platform.instagram.com *.ttwstatic.com analytics.shorthand.com www.youtube.com vimeo.com *.vimeo.com d3js.org cdn.parsely.com dash.parsely.com ak.sail-horizon.com www.googletagmanager.com *.google-analytics.com static.ads-twitter.com connect.facebook.net static.hotjar.com tru.am *.googlesyndication.com *.googleadservices.com script.hotjar.com www.google.com www.gstatic.com *.fillout.com tiktokcdn-us.com tiktokcdn.com *.tiktokcdn-us.com *.tiktokcdn.com opinionstage.com *.opinionstage.com documentcloud.org *.documentcloud.org *.p-n.io ketchcdn.com *.ketchcdn.com ketchjs.com *.ketchjs.com *.trackjs.com coral.sfstandard.app *.elfsight.com *.googleapis.com *.amplitude.com stripe.com *.stripe.com googleads.g.doubleclick.net public.flourish.studio *.chartbeat.com; style-src 'self' 'unsafe-inline' *.sfstandard.com fonts.googleapis.com *.ttwstatic.com embed.typeform.com opinionstage.com *.opinionstage.com tiktokcdn-us.com *.tiktokcdn-us.com ketchcdn.com *.ketchcdn.com ketchjs.com *.ketchjs.com *.trackjs.com coral.sfstandard.app s3.amazonaws.com stripe.com *.stripe.com; img-src 'self' data: https:; font-src 'self' data: *.sfstandard.com fonts.gstatic.com use.typekit.net s3.amazonaws.com coral.sfstandard.app stripe.com *.stripe.com; connect-src 'self' *.sfstandard.com localhost:3000 *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com api.sail-personalize.com api.sail-track.com *.ingest.sentry.io pagead2.googlesyndication.com *.g.doubleclick.net api.maptiler.com beacon.tru.am *.parsely.com www.facebook.com vc.hotjar.io metrics.hotjar.io content.hotjar.io ws.hotjar.com adservice.google.com wss://ws.hotjar.com vimeo.com api.typeform.com noembed.com cdn2.sfstandard.com cdn3.sfstandard.com opinionstage.com *.opinionstage.com *.p-n.io ketchcdn.com *.ketchcdn.com ketchjs.com *.ketchjs.com *.trackjs.com coral.sfstandard.app ws://coral.sfstandard.app ws://coral.sfstandard.app:3000 wss://coral.sfstandard.app poll.fm polls.polldaddy.com api.crowdsignal.com *.elfsight.com *.googleapis.com pushlycdn.com *.pushlycdn.com stripe.com *.stripe.com embed.reddit.com *.amplitude.com tiktokcdn-us.com *.tiktokcdn-us.com tiktok.com *.tiktok.com google.com *.google.com; frame-src 'self' *.sfstandard.com *.youtube.com youtube.com sfstandard.github.io vimeo.com *.vimeo.com datawrapper.dwcdn.net bandcamp.com www.google.com w.soundcloud.com playlist.megaphone.fm omny.fm open.spotify.com trytako.com www.trytako.com abc7news.com *.facebook.com facebook.com embed.documentcloud.org nextdoor.com embed.reddit.com platform.twitter.com www.tiktok.com calmatters-reparations-calculator.netlify.app www.googletagmanager.com www.google.com *.doubleclick.net www.instagram.com iframely.shorthand.com sfs-shorthand-archive.s3.us-west-1.amazonaws.com citizen.com form.typeform.com dash.parsely.com opinionstage.com *.opinionstage.com *.fillout.com coral.sfstandard.app stripe.com *.stripe.com streetstostability.com docs.google.com flo.uri.sh; object-src 'self' *.sfstandard.com data:; media-src 'self' *.sfstandard.com tiktokcdn-us.com *.tiktokcdn-us.com tiktok.com *.tiktok.com blob:; frame-ancestors 'self' *.sfstandard.com localhost:3000; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o4504205219004416.ingest.sentry.io/api/4504205221232640/security/?sentry_key=642f02aaa96c4e679673d2642c3c2782; report-to csp-endpoint |
Set-Cookie | zephr-session=2cb14d4d-929d-4cab-8735-b9511902211e; Path=/; Expires=Mon, 25 May 2026 07:59:01 GMT; Max-Age=34560000 |
X-Middleware-Set-Cookie | zephr-session=2cb14d4d-929d-4cab-8735-b9511902211e; Path=/; Expires=Mon, 25 May 2026 07:59:01 GMT; Max-Age=34560000 |
Sfs-Version-Id | 61f13519541a2a4d043cec378adc003a64a53247 |
X-Rq | ams8 0 20 9980 |
Connection | keep-alive |
X-Powered-By | Express |
Report-To | {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://o4504205219004416.ingest.sentry.io/api/4504205221232640/security/?sentry_key=642f02aaa96c4e679673d2642c3c2782"}]} |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=31536000 |
Server | nginx |
Date | Sun, 20 Apr 2025 07:59:03 GMT |
Content-Type | text/html; charset=utf-8 |
X-Cache | BYPASS |
Etag | "hv6yux01zc6xhv" |
Accept-Ranges | bytes |
Vary | Accept-Encoding |
Cache-Control | no-cache, must-revalidate, max-age=0, no-store |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.