| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Security-Policy | img-src 'self' *.adsymptotic.com *.atdmt.com *.cloudinary.com *.facebook.com *.google.ca/ads/ga-audiences *.google.com *.mapbox.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.gstatic.com *.googleadservices.com *.liadm.com *.linkedin.com *.sonder.com data: maps.googleapis.com maps.gstatic.com *.adyen.com *.adyenpayments.com https://bat.bing.com *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com https://*.marriott.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; connect-src 'self' *.cookielaw.org *.doubleclick.net *.greenhouse.io *.liadm.com *.segment.com *.mapbox.com *.segment.io *.analytics.sonder.com *.sndr.to *.sonder.com *.sonder.test https://*.sonder-preview.com https://*.analytics.sonder-preview.com https://*.browser-intake-datadoghq.com https://*.logs.datadoghq.com https://privacyportal.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googleadservices.com https://google.com/pay https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/1571068/domain/sonder.com/token maps.googleapis.com *.adyen.com *.adyenpayments.com *.sentry.io *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com *.grafana.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; script-src 'self' 'unsafe-inline' assets.sonder.com *.google-analytics.com *.greenhouse.io *.liadm.com *.paypal.com *.paypalobjects.com https://cdn.cookielaw.org https://cdn.segment.com https://evs.analytics.sonder.com https://evs.analytics.sonder-preview.com https://connect.facebook.net https://geolocation.onetrust.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com/gtm/js https://*.g.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://js.adsrvr.org https://maps.googleapis.com https://snap.licdn.com https://static.cloudflareinsights.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google.com/recaptcha/enterprise.js https://*.google.com *.gstatic.com js.stripe.com *.adyen.com *.adyenpayments.com https://bat.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com https://ct.pinterest.com https://unpkg.com ; worker-src blob: |
| X-Dns-Prefetch-Control | off |
| Expect-Ct | max-age=0 |
| Vary | Accept-Encoding |
| X-Envoy-Upstream-Service-Time | 169 |
| Server | cloudflare |
| Cf-Ray | 92d182c39c036662-AMS |
| Connection | keep-alive |
| X-Request-Id | ad44666a-ed5e-96ca-a559-21fe5c1d1de3 |
| X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | none |
| X-Powered-By | Next.js |
| X-Response-Time | 161.300ms |
| Cf-Cache-Status | DYNAMIC |
| Content-Type | text/html; charset=utf-8 |
| X-Trace-Id | 170ad79771cbdf48d64454a4aa4a5aa2 |
| X-Download-Options | noopen |
| X-Content-Type-Options | nosniff |
| Set-Cookie | experiment_target_key=98cb2a54-0a66-43e9-a54b-c5a13c252f9b; Domain=.sonder.com; Path=/; HttpOnly; Secure |
| Cache-Control | private, no-cache, no-store, max-age=0, must-revalidate |
| Date | Tue, 08 Apr 2025 11:44:06 GMT |
| Strict-Transport-Security | max-age=2592000; includeSubDomains; preload |
| Referrer-Policy | strict-origin-when-cross-origin |
| X-Xss-Protection | 0 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar