| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Esi | 1 |
| Server | cloudflare |
| Strict-Transport-Security | max-age=31557600 |
| Pragma | cache |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| Set-Cookie | __cf_bm=tmmxaNUjoBALh4njB8KY0tEdo05gw90GC594G69vHqw-1744081687-1.0.1.1-Pw1w_riupc3TS8VwaebnUF1pQuGW3ju8ckUkypJ9fUcYDpVyOLo8hMt8y8f7LytX3RyhjtPyYcwFR_poIrzBol5AdKpIN8w2htgSzY9XKQs; path=/; expires=Tue, 08-Apr-25 03:38:07 GMT; domain=.drybar.com; HttpOnly; Secure; SameSite=None |
| Content-Security-Policy | base-uri 'self' 'unsafe-inline'; child-src 'self' http: https: blob: 'unsafe-inline'; connect-src 'self' *.rapidspike.com www.cloudflare.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net dpm.demdex.net api.magento.com commerce.adobe.io performance.typekit.net commerce.adobe.net amcglobal.sc.omtrdc.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com analytics.google.com google.com *.analytics.google.com stats.g.doubleclick.net us-central1-adaptive-growth.cloudfunctions.net app-measurement.com doubleclickbygoogle.com doubleclick.com doubleclick.net googleadservices.com googlesyndication-cn.com googlesyndication.com googletagservices.com *.google.co.uk *.google.fr *.google.de *.google.es *.google.it *.google.nl *.google.be *.google.pl *.google.se *.google.ie *.google.dk *.google.pt *.google.gr *.google.fi *.google.cz *.google.hu *.google.at *.google.ro *.google.sk *.google.si *.google.bg *.google.hr *.google.lt *.google.lv *.google.ee *.google.mt *.google.cy *.google.lu *.google.us *.google.com.au *.google.ca *.google.com.pr *.google.com.mx *.google.co.cr *.google.com https://www.google.com/recaptcha/ *.recaptcha.net vimeo.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.stripe.network brilliantcollector.com *.brilliantcollector.com *.newrelic.com *.nr-data.net *.algolia.net *.algolia.com *.algolianet.com kustomerapp.com *.kustomerapp.com api.addressy.com ekr.zdassets.com parcellab.com *.parcellab.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaltura.com rapid-cdn.yottaa.com *.yottaa.net 'unsafe-inline' *.drybar.com *.listrakbi.com *.trustarc.com s.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.algolia.io googletagmanager.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net www.facebook.com analytics.tiktok.com *.paypal.com *.vimeo.com mpsnare.iesnare.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com; font-src 'self' fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustarc.com kustomerapp.com *.kustomerapp.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'unsafe-inline'; form-action 'self' yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'unsafe-inline' www.facebook.com t.lt02.net; frame-ancestors 'self' www.gstatic.com stripe.com *.stripe.com; manifest-src 'self' 'unsafe-inline'; media-src 'self' *.adobe.com 'unsafe-inline' *.vimeo.com download-video.akamaized.net blob: data: *.vimeocdn.com; object-src 'self' 'unsafe-inline'; style-src 'self' *.adobe.com fonts.googleapis.com parcellab.com *.parcellab.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com 'unsafe-inline' cdn.listrakbi.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.typekit.net; worker-src 'unsafe-eval' 'unsafe-inline' 'self' drybar.com/p/1/2; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=bdxDF8oSCF5wJBNI.cX97ulHiq3BJIx_B2a0_sdO8EM-1744081687-1.0.1.1-yXi3r6vY.11ux.pWyKepsnVA6r_t_QRgwsZ.R6sn9iSdkQkSbnKDdQcPMve1TvXeVu9NPuOKgEGXd12yYB7wz1lZuG.nBXh521ppPSZKwM1MVsXfGvPqZhPCaPSlnrc1K8vpc5yJxMR3sPsEm0LZfxeGqOBuVEGOT7z5vLbcjZw5yfvulwFieqD6Ma0VRnpK3IlWWo0ikxqmE9JunYNB5Q; report-to cf-kstekveegcslceet |
| X-Built-With | Hyva Themes |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Platform-Server | i-0ec55145e3d5f3f7e |
| Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=fqeo3gi15qBiWe0CaM2CtzeAyzFyu7AC1Wj.ajLjZ_k-1744081687-1.0.1.1-qJAqp_pqLqw58jBtxGz9f_wd2CD43_gHyC9ZHoOKQ1V_lt.L4Kge5YfAkCTT2OOPkkZkvAfT78tHdy.bqMaUlaBGwB5DkyfqCdLCNBoZj3Wfh.vtrrDGjJ0s2BM3fmt3N1AdtQANPtF3sqwW5hONKw"}],"group":"cf-csp-endpoint","max_age":86400} |
| Age | 15340 |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Content-Type | text/html; charset=UTF-8 |
| Cf-Ray | 92ce8ef29bd6667f-AMS |
| Cf-Cache-Status | DYNAMIC |
| Traceresponse | 00-18342b19c0756e85493691707d340a1d-763b6da9a8f50e67-01 |
| X-Cache-Hits | 0, 23, 0 |
| Content-Security-Policy-Report-Only | script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=fqeo3gi15qBiWe0CaM2CtzeAyzFyu7AC1Wj.ajLjZ_k-1744081687-1.0.1.1-qJAqp_pqLqw58jBtxGz9f_wd2CD43_gHyC9ZHoOKQ1V_lt.L4Kge5YfAkCTT2OOPkkZkvAfT78tHdy.bqMaUlaBGwB5DkyfqCdLCNBoZj3Wfh.vtrrDGjJ0s2BM3fmt3N1AdtQANPtF3sqwW5hONKw; report-to cf-csp-endpoint |
| Alt-Svc | h3=":443"; ma=86400 |
| Vary | Accept-Encoding,Cookie |
| X-Cache | MISS, HIT, HIT |
| X-Served-By | cache-iad-kiad7000178-IAD, cache-iad-kiad7000172-IAD, cache-rtm-ehrd2290055-RTM |
| Date | Tue, 08 Apr 2025 03:08:07 GMT |
| Connection | keep-alive |
| Expires | Tue, 08 Apr 2025 22:52:26 GMT |
| X-Timer | S1744066345.294320,VS0,VE1591 |
| X-Xss-Protection | 1; mode=block |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar