| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| Date | Tue, 08 Apr 2025 10:40:15 GMT |
| Request-Context | appId=cid-v1:4a7f8dd8-3291-4e0b-bdfc-05223d9ea636 |
| X-Frame-Options | SAMEORIGIN |
| Referrer-Policy | no-referrer-when-downgrade |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Vary | Accept-Encoding |
| Content-Security-Policy | report-uri https://identity.tescobank.com/afm/cspReport/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.trustpilot.com *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com ; style-src 'self' 'unsafe-inline' *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.googleapis.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.kampyle.com *.medallia.eu ; img-src 'self' data: blob: * ; child-src 'self' blob: ; font-src 'self' data: * ; connect-src 'self' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com bam-cell.nr-data.net *.woopra.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu ; frame-src 'self' *.trustpilot.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net *.vo.msecnd.net service.maxymiser.net p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net ; frame-ancestors 'self' *.tescobank.com ; object-src 'self' *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net; media-src 'self' apps.commbox.io ; |
| Content-Type | text/html; charset=utf-8 |
| Access-Control-Expose-Headers | Request-Context |
| Cache-Control | private, s-maxage=0 |
| Connection | keep-alive |
| X-Xss-Protection | 1; mode=block |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar