| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| X-Permitted-Cross-Domain-Policies | none |
| Set-Cookie | lang=en-US; path=/; SameSite=Lax; secure |
| X-Frame-Options | SAMEORIGIN |
| Referrer-Policy | strict-origin-when-cross-origin |
| Content-Security-Policy | default-src 'self' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://fonts.gstatic.com/ https://use.typekit.net/ https://*.noibu.com/ wss://*.noibu.com/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://s.pinimg.com/ct/ https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js.hs-scripts.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://*.quora.com/qevents.js https://script.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com/ https://www.googleadservices.com/pagead/conversion.js https://*.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://ads.nextdoor.com/public/pixel/ndp.js https://www.clarity.ms/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-banner.com/ https://js.hs-analytics.net/ https://*.wufoo.com/scripts/embed/form.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://tag.rmp.rakuten.com/125112.ct.js https://js-agent.newrelic.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net https://cdn.cookielaw.org/ https://js.hubspot.com/ https://amplify.outbrain.com/cp/obtp.js https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://js.hsforms.net/forms/embed/v2.js https://js.hubspot.com/web-interactives-embed.js https://amplify.outbrain.com https://wave.outbrain.com/ https://analytics.tiktok.com/ https://tr.outbrain.com/ https://cdn.noibu.com/collect.js https://*.noibu.com/ wss://*.noibu.com/ https://unpkg.com/swagger-ui-dist@5.11.0/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://dva1blx501zrw.cloudfront.net/ https://syndication.twitter.com/ https://fonts.googleapis.com/ https://optimize.google.com https://unpkg.com/swagger-ui-dist@5.11.0/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://optimize.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://editorium2.herokuapp.com/ https://editoriumstage.terracycle.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://*.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://terracycle.wufoo.com/ https://player.vimeo.com/ https://forms.hubspot.com/ https://td.doubleclick.net/ https://terracycle-6369378.hs-sites.com/ https://privacyportal.onetrust.com/ https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms.hsforms.com/; img-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://d280jbtwinny2v.cloudfront.net/ https://d35jj3xv1zfqx0.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com// https://s3.amazonaws.com/gog-prod/ https://*.terracycle.com/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://*.quora.com/ https://*.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://ct.pinterest.com/v3/ https://t.co/ https://track.hubspot.com https://www.facebook.com/tr/ https://optimize.google.com/ https://*.google-analytics.com https://*.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://flask.nextdoor.com/ https://forms.hsforms.com/ https://track.hubspot.com/ https://*.clarity.ms https://img.youtube.com/ https://p.adsymptotic.com/d/px/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://6369378.fs1.hubspotusercontent-na1.net https://consent.linksynergy.com/ https://perf-na1.hsforms.com https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms-na1.hsforms.com https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/en-US/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://ipapi.co/json https://pro.ip-api.com/json/ https://maps.googleapis.com/ https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/4529 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://rp.liadm.com/ https://forms.hubspot.com/ https://t.leadmanagerfx.com/ https://www.clarity.ms/ https://*.clarity.ms https://js.hs-banner.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com/user/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/request/v1/consentreceipts https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com https://cdn.linkedin.oribi.io/partner/2230314/domain/terracycle.com/token https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://tr.outbrain.com/ https://analytics.tiktok.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://staging.shop.terracycle.com/ https://shop.terracycle.com/ https://*.noibu.com/ wss://*.noibu.com/ |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
| Connection | keep-alive |
| Content-Type | text/html; charset=utf-8 |
| Feature-Policy | accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; vibrate 'none'; vr 'none' |
| X-Request-Id | 3a396de5-0ddf-4c1c-98d1-13eb5f9bbda3 |
| Via | 1.1 vegur |
| Link | <//dva1blx501zrw.cloudfront.net/assets/production/assets/vendor/old-browser-37226dd146d8eb268582f30087495dc5fdd2d2e9dcff43432d878a89ab3f9800.js>; rel=preload; as=script; nopush,<//dva1blx501zrw.cloudfront.net/assets/production/assets/application-586678cd3fde2a08d6496477e038743636a4411291a8f903ad60e26884607d2d.js>; rel=preload; as=script; nopush,<//dva1blx501zrw.cloudfront.net/assets/production/packs/css/955-48117250.css>; rel=preload; as=style; nopush,<//dva1blx501zrw.cloudfront.net/assets/production/packs/css/application-ff4b9be7.css>; rel=preload; as=style; nopush,<//dva1blx501zrw.cloudfront.net/assets/production/assets/application-3ad2dda9904d0a4909bad4ef3a4fbfb12a96a8cc6a4b94a1c70665688ecb3ac2.css>; rel=preload; as=style; nopush |
| Date | Sat, 19 Apr 2025 18:10:07 GMT |
| X-Rack-Cache | miss |
| Reporting-Endpoints | heroku-nel=https://nel.heroku.com/reports?ts=1745086206&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=3EwUoSHZTm%2B8oORLromQTZirvpVLGcx53Pp9z02qxCQ%3D |
| X-Xss-Protection | 0 |
| Cache-Control | max-age=0, private, must-revalidate |
| Report-To | {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1745086206&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=3EwUoSHZTm%2B8oORLromQTZirvpVLGcx53Pp9z02qxCQ%3D"}]} |
| X-Download-Options | noopen |
| Server | Cowboy |
| Nel | {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} |
| Etag | W/"f00e6239b6f4ec9d58834cc0939a435a" |
| X-Runtime | 0.536226 |
| Vary | Origin,Accept-Encoding |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar