| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Date | Sun, 20 Apr 2025 00:25:45 GMT |
| Content-Security-Policy | connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.cdn-tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru www.tbank.ru business.tbank.ru cobrowsing.tbank.ru mddc.tinkoff.ru geocode-maps.yandex.ru imgproxy.cdn-tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com https://*.1tv.ru/; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com https://*.1tv.ru/; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://*.1tv.ru/ https://download.srv-hub.org/; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pfphome/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru |
| Pragma | no-cache |
| X-K8s-Istio-Sage-Group | pfphome-app |
| X-Powered-By | MSX Basic Web Clustered Engine (WCE pi) - NG |
| Content-Type | text/html |
| X-Tramvai-Resolved-External-Host | www.tbank.ru=www.tinkoff.ru |
| X-Xss-Protection | 0 |
| Cache-Control | no-cache, must-revalidate |
| Set-Cookie | __P__wuid=831188d5e21086f5f1ae374d08055121; Domain=.tbank.ru; Path=/; Expires=Wed, 18 Apr 2035 00:25:45 GMT; Secure; SameSite=None |
| Server | MSX Turbo R (R900) Web Server 1.13 |
| X-Cache-Status | EXPIRED |
| Vary | Accept-Encoding |
| X-App-Version | pfphome-prod-v0.41.5 |
| Report-To | {"group":"network-errors","max_age":300,"include_subdomains":true,"endpoints":[{"url":"https://www.tinkoff.ru/api/front/nel-collector/?appId=pfphome","priority":1}]} |
| Expires | 0 |
| X-K8s-Istio-Drop-Ok | false |
| Accept-Ch | Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model |
| Nel | {"report_to":"network-errors","max_age":300,"include_subdomains":true,"success_fraction":0,"failure_fraction":1} |
| X-Envoy-Upstream-Service-Time | 181 |
| X-Request-Id | d444404bef6cb60dbbfe47e4ef189251 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar