| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Type | text/html; charset=UTF-8 |
| From-Origin | same |
| Last-Modified | Fri, 04 Apr 2025 17:00:07 GMT |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
| Date | Sun, 06 Apr 2025 12:37:27 GMT |
| Age | 34868 |
| X-Served-By | cache-iad-kcgs7200119-IAD, cache-lcy-eglc8600026-LCY |
| X-Cache | MISS, HIT |
| Vary | Cookie |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Content-Language | en |
| X-Content-Type-Options | nosniff |
| X-Cache-Hits | 0, 146 |
| Strict-Transport-Security | max-age=31557600 |
| Connection | keep-alive |
| Content-Length | 133829 |
| Expires | Sun, 19 Nov 1978 05:00:00 GMT |
| Referrer-Policy | same-origin |
| Accept-Ranges | bytes |
| Content-Security-Policy | default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.plyr.io cdnjs.cloudflare.com *.click4assistance.co.uk *.discoveruni.gov.uk discoveruni.gov.uk www.googleoptimize.com www.googletagmanager.com www.google-analytics.com *.blackbaudhosting.com cdn.jsdelivr.net i.vimeocdn.com *.unibuddy.co cdn.matomo.cloud snap.licdn.com acdn.adnxs.com static.ads-twitter.com *.quantserve.com *.hotjar.com www.google.com www.google.co.uk www.googleadservices.com *.google.com gtm *.gstatic.com wss://*.hotjar.com in.hotjar.com *.hotjar.io *.facebook.com *.twitter.com *.ads-twitter.com t.co *.ads.linkedin.com *.g.doubleclick.net snap.licdn.com *.youtube-nocookie.com www.youtube.com payments.blackbaud.com *.quantcount.com *.doubleclick.net player.vimeo.com developers.panopto.com www.instagram.com connect.facebook.net optimize.google.com surrey.matomo.cloud js-agent.newrelic.com googletagmanager.com bam.nr-data.net dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com sky.blackbaudcdn.net prospect-form-plugin.2u.com app.geckoform.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.plyr.io cdnjs.cloudflare.com cdn.jsdelivr.net i.vimeocdn.com *.unibuddy.co fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com surrey.matomo.cloud optimize.goo optimize.google.com hello.myfonts.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: fastly.picsum.photos picsum.photos www.googletagmanager.com *.twimg.com scontent.cdninstagram.com *.instagram.com s.ytimg.com i.ytimg.com youtu.be www.facebook.com *.google.com *.quantserve.com analytics.twitter.com *.linkedin.com www.google.co.uk ib.adnxs.com t.co www.google-analytics.com *.click4assistance.co.uk *.doubleclick.net surrey.cloud.panopto.eu bbox.blackbaudhosting.com i.vimeocdn.com *.cloudfront.net discoveruni.gov.uk bbox.blackbaudhosting.com optimize.google.com fonts.googleapis.com optimize.google.com surrey.matomo.cloud google.co.in prreqcroab.icu googleads.g.doubleclick.net gstatic.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.gstatic.com dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com; media-src 'self'; frame-src 'self' www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co open.spotify.com platform.twitter.com www.facebook.com www.instagram.com www.google.com *.click4assistance.co.uk popcard.unibuddy.co surrey.cloud.panopto.eu bbox.blackbaudhosting.com optimize.google.com embedder.wirewax.com payments.blackbaud.com *.doubleclick.net www.youtube-nocookie.com app.vwo.com *.visualwebsiteoptimizer.com embed-standalone.spotify.com *.360marketinglab.org.uk host.nxt.blackbaud.com prospect-guidance-ui.unibuddy.co app.geckoform.com; child-src www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co blob:; font-src 'self' hello.myfonts.net fonts.gstatic.com surrey.matomo.cloud hotjar.com script.hotjar.com; connect-src 'self' noembed.com *.linkedin.com *.googleapis.com connect.facebook.net www.facebook.com ws.sessioncam.com surrey-search.clients.uk.funnelback.com connect.facebook.net surrey.matomo.cloud www.google-analytics.com pixel.quantcount.com *.google.com *.doubleclick.net *.linkedin.oribi.io prod-discoveruni.azure-api.net payments.blackbaud.com services.postcodeanywhere.co.uk vc.hotjar.io in.hotjar.com google.co.uk cdn.plyr.io *.visualwebsiteoptimizer.com app.vwo.com prospect-form-packages.2u.com browser-intake-datadoghq.com geo.mktg.2u.com tmq.prod.2u.com imq.2u.com ib.adnxs.com surrey-search.funnelback.squiz.cloud widgetapiv2.azurewebsites.net; report-uri /report-csp-violation; upgrade-insecure-requests |
| Etag | "1743786007" |
| Traceresponse | 00-18339b3fd032cc65a96d635688f7e838-ff92680eda4a41fd-01 |
| X-Drupal-Dynamic-Cache | MISS |
| X-Platform-Server | i-06da839bedacb2aaa |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar