HTTP Headers report for stats.govt.nz

Header Name	Header Data
HTTP status code	200
Content-Security-Policy-Report-Only	base-uri 'self'; connect-src 'self' https://adservice.google.com https://www.google.com https://.doubleclick.net https://www.google-analytics.com https://.appcues.com https://.appcues.net wss://.appcues.net wss://.appcues.com statsnzprod.azure-api.net https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://www.google.co.nz https://www.google.com.au https://www.google.com.vn .hotjar.com .hotjar.io wss://.hotjar.com .livechatinc.com https://app.optimalworkshop.com performance.typekit.net; default-src 'self'; form-action 'self' export.highcharts.com govt.us9.list-manage.com; img-src 'self' https: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com .ytimg.com https://.appcues.com https://.appcues.net res.cloudinary.com cdn.jsdelivr.net https://.googletagmanager.com https://.google-analytics.com .hotjar.com .hotjar.io .livechatinc.com shielded.co.nz staticcdn.co.nz p.typekit.net; media-src 'self' .livechatinc.com; object-src 'self' .livechatinc.com; font-src 'self' https://fonts.gstatic.com data: use.fontawesome.com .hotjar.com .hotjar.io staticcdn.co.nz data://* use.typekit.net; upgrade-insecure-requests; frame-src https://.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net player.vimeo.com .youtube.com 'self' https://.appcues.com .hotjar.com .hotjar.io .livechatinc.com staticcdn.co.nz helpline.homecaremedical.co.nz .office.com .shinyapps.io statsnz.maps.arcgis.com statsmaps.cloud.eaglegis.co.nz; script-src https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net player.vimeo.com www.youtube.com s.ytimg.com 'self' https://.appcues.com https://.appcues.net https://.googletagmanager.com .hotjar.com .hotjar.io 'unsafe-inline' .livechatinc.com s3.amazonaws.com staticcdn.co.nz helpline.homecaremedical.co.nz use.typekit.net cdnjs.cloudflare.com; style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' https://.appcues.com https://.appcues.net https://fonts.google.com 'unsafe-inline' stackpath.bootstrapcdn.com use.fontawesome.com .livechatinc.com cdn-images.mailchimp.com use.typekit.net; child-src player.vimeo.com 'self' .livechatinc.com; script-src-elem https://.googletagmanager.com https://.google-analytics.com .hotjar.com .hotjar.io 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com staticcdn.co.nz helpline.homecaremedical.co.nz use.typekit.net cdnjs.cloudflare.com; manifest-src 'self'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=fUCNIUtmo6N5JyZrZmL9g
X-Xss-Protection	1; mode=block
Strict-Transport-Security	max-age=300
Server	nginx
Content-Type	text/html; charset=utf-8
X-Iinfo	56-119565452-119565454 NNNN CT(276 279 0) RT(1744108818706 3) q(0 0 6 -1) r(9 28) U4
X-Frame-Options	SAMEORIGIN
Etag	"2946b5bc41479f5c7ee5b305aaa9ddc6-gzip"
X-Cdn	Imperva
Date	Tue, 08 Apr 2025 10:40:21 GMT
Connection	keep-alive
Cache-Control	public, must-revalidate, max-age=120
Expires	Tue, 08 Apr 2025 10:42:21 GMT
Csp-Name	ContentSecurityPolicy
Vary	X-Forwarded-Protocol,Accept-Encoding

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar