| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Download-Options | noopen |
| Pragma | no-cache |
| X-Cache | TCP_MISS from a104-110-240-198.deploy.akamaitechnologies.com (AkamaiGHost/22.0.1.1-1eb06f337eca40b3482aa107e6b7c368) (-) |
| X-Akamai-Request-Id | 1d1553ce |
| Server-Timing | inner; dur=72 |
| Reporting-Endpoints | csp-endpoint="https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns" |
| Content-Security-Policy-Report-Only | report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com interactives.ap.org js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.tiktokcdn-eu.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.tiktokcdn-eu.com sf16-website.neutral.ttwstatic.com sf16m-website-login.neutral.ttwstatic.com ssl.bing.com static.captchami.com tiktok.captchami.com unpkg.com www.vimeo.com; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=Bft85SohKpT3hn5_VgkV2&v=8; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js |
| Cache-Control | max-age=0, no-cache, no-store |
| Date | Sat, 05 Apr 2025 03:21:41 GMT |
| X-Tt-Trace-Tag | id=16;cdn-cache=miss;type=dyn |
| Content-Type | text/html; charset=utf-8 |
| Feature-Policy | microphone 'none'; geolocation 'none' |
| Referrer-Policy | strict-origin-when-cross-origin |
| Expires | Sat, 05 Apr 2025 03:21:41 GMT |
| Vary | Accept-Encoding |
| X-Tt-Trace-Id | 00-25040511214107D8D3000F70AF553FFD-51C04A38412BAA77-00 |
| Set-Cookie | tt_chain_token=E3rOAUA/dn/EEv9GzszWeg==; path=/; expires=Thu, 02 Oct 2025 03:21:41 GMT; domain=.tiktok.com; secure; httponly |
| X-Origin-Response-Time | 100,104.110.240.198 |
| Access-Control-Allow-Origin | https://www.tiktok.com |
| X-Content-Type-Options | nosniff |
| X-Gw-Dst-Psm | serverless.tiktok.desktop |
| X-Pumbaa-Web-Avail | 1 |
| X-Tt-Trace-Host | 0160fbf710c9545fadc2b6f238bde58012793217f4d9bfafd0f17ba2807a0372a268e66b31cda6971c89e17a0cd9b25ef7e81d30202437622ddedb40ee1dddb4693017db53e4eabbddd7cd615f8b775210fa2ebc7ecfe65f753d4ff92d7e89ed1c |
| Access-Control-Allow-Credentials | true |
| X-Bytefaas-Execution-Duration | 70.74 |
| X-Bytefaas-Request-Id | 2025040511214107D8D3000F70AF553FFD |
| X-Frame-Options | SAMEORIGIN |
| X-Powered-By | Goofy Node |
| Content-Security-Policy | script-src 'report-sample' 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.hcaptcha.com js.hsforms.net lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/bric-captcha/core-captcha/ pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.tiktokcdn-eu.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.tiktokcdn-eu.com sf16-website.neutral.ttwstatic.com sf16m-website-login.neutral.ttwstatic.com ssl.bing.com static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-to csp-endpoint; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=Bft85SohKpT3hn5_VgkV2&v=22; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsco.re *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokeu-cdn.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokvapp.eu *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.captchami.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com |
| Server | TLB |
| Strict-Transport-Security | max-age=31536000; includeSubdomains |
| X-Tt-Logid | 2025040511214107D8D3000F70AF553FFD |
| X-Xss-Protection | 1; mode=block |
| Connection | keep-alive |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar