| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Access-Control-Allow-Methods | * |
| Strict-Transport-Security | max-age=63072000 |
| Access-Control-Allow-Headers | Content-Type, X-Requested-With, Authorization |
| Vary | RSC, Next-Router-State-Tree, Next-Router-Prefetch, accept-encoding |
| Content-Security-Policy-Report-Only | default-src ads-twitter.com *.ads-twitter.com adsrvr.org *.adsrvr.org amplitude.com *.amplitude.com braintree-api.com *.braintree-api.com braintreegateway.com *.braintreegateway.com cardinalcommerce.com *.cardinalcommerce.com clarity.ms *.clarity.ms cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com contentstack.com *.contentstack.com cookielaw.org *.cookielaw.org crwdcntrl.net *.crwdcntrl.net dotdigital-pages.com *.dotdigital-pages.com doubleclick.net *.doubleclick.net execute-api.us-east-1.amazonaws.com *.execute-api.us-east-1.amazonaws.com facebook.com *.facebook.com facebook.net *.facebook.net foresee.com *.foresee.com galleryjs.io *.galleryjs.io google-analytics.com *.google-analytics.com google.at *.google.at google.be *.google.be google.ca *.google.ca google.ch *.google.ch google.cl *.google.cl google.co.id *.google.co.id google.co.il *.google.co.il google.co.in *.google.co.in google.co.jp *.google.co.jp google.co.kr *.google.co.kr google.co.th *.google.co.th google.co.uk *.google.co.uk google.com *.google.com google.de *.google.de google.es *.google.es google.fr *.google.fr google.hu *.google.hu google.ie *.google.ie google.it *.google.it google.nl *.google.nl google.no *.google.no google.pt *.google.pt google.ro *.google.ro googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com impactcdn.com *.impactcdn.com line-scdn.net *.line-scdn.net linksynergy.com *.linksynergy.com mapbox.com *.mapbox.com maps.googleapis.com *.maps.googleapis.com mypurecloud.com *.mypurecloud.com newrelic.com *.newrelic.com nr-data.net *.nr-data.net onetrust.com *.onetrust.com online-metrix.net *.online-metrix.net paypal.com *.paypal.com pure.cloud *.pure.cloud quantcount.com *.quantcount.com quantserve.com *.quantserve.com riskified.com *.riskified.com rmtag.com *.rmtag.com samsung.com *.samsung.com sc-static.net *.sc-static.net secured-pixel.com *.secured-pixel.com segment.com *.segment.com segment.io *.segment.io sharethis.com *.sharethis.com shopify.com *.shopify.com simpli.fi *.simpli.fi sjv.io *.sjv.io smile.io *.smile.io snapchat.com *.snapchat.com stbuttons.click *.stbuttons.click storepoint.co *.storepoint.co stripe.com *.stripe.com sweettooth.io *.sweettooth.io tiktok.com *.tiktok.com topps.com *.topps.com trackedlink.net *.trackedlink.net trackedweb.net *.trackedweb.net tvsquared.com *.tvsquared.com vercel.live *.vercel.live verint-cdn.com *.verint-cdn.com verintefm.com *.verintefm.com yahoo.co.jp *.yahoo.co.jp yimg.jp *.yimg.jp; img-src https://um.simpli.fi https://img.riskified.com https://www.topps.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6.04WGjm7fDG9PeO93xW3KXalhEkUoyQchvIp3HSuUY-1745213127-1.0.1.1-ELlHuZePzkNE0HvTuDdYgdLvPub4FZGkNO_7qKfYfC2OmbnIUbFFTvBgM3ZcTMRwbJ7Pei392AMY6XqXpZtWbZw1sPJEMZRtm7kG8dG3MFMgsSAKObzxbsqz8JwNO_afGP08kDZTzTq18Nqee9TAc2wL6g1BVwoa6SPqHCf8ta7KabqrSbDv8mF_13T39535w_U5DtoU_5hKTxbdWy1WYw; report-to cf-mlsiskjnzeytwzmm |
| Cf-Ray | 933a75f858a7fc46-AMS |
| Cache-Control | private, no-cache, no-store, max-age=0, must-revalidate |
| Link | </_next/static/media/07ce98f0c2830616-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/b41420708a9e334c-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" |
| Set-Cookie | splitKey=ba9a8cee-ec2a-4232-825f-36011ea5297c; Path=/ |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'nonce-a4aa44eb-db31-4129-bdae-13274543b542' 'strict-dynamic' *.amplitude.com api.mapbox.com api.storepoint.co apps.usw2.pure.cloud cdn.cookielaw.org cdn.noibu.com cdn.storepoint.co events.mapbox.com gateway.foresee.com *.clarity.ms sc-static.net sgmntapi.topps.com sgmntcdn.topps.com tr.snapchat.com ucm-us.verint-cdn.com utt.impactcdn.com va.vercel-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com js.smile.io; style-src 'self' 'unsafe-inline' api.mapbox.com cdn.storepoint.co gateway.foresee.com ucm-us.verint-cdn.com use.fontawesome.com js.smile.io; font-src 'self' use.fontawesome.com fonts.gstatic.com staging-static.topps.com vercel.live gateway.foresee.com ucm-us.verint-cdn.com js.smile.io; img-src 'self' data: aa.agkn.com ad.doubleclick.net ads.stickyadstv.com analytics.twitter.com bcp.crwdcntrl.net c.bing.com *.clarity.ms cdn.cookielaw.org cdn.storepoint.co cdn.shopify.com ce.lijit.com cm.g.doubleclick.net collector-37645.tvsquared.com d.agkn.com e.dlx.addthis.com eb2.3lift.com ei.rlcdn.com fei.pro-market.net fonts.gstatic.com googleads.g.doubleclick.net geolocation.onetrust.com ib.adnxs.com idsync.rlcdn.com images.topps.com images.contentstack.io image2.pubmatic.com img.riskified.com live.primis.tech loadm.exelator.com logs-01.loggly.com p.alcmpn.com pippio.com pixel.quantserve.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com s.ad.smaato.net simplifi.partners.tremorhub.com stags.bluekai.com static.topps.com sync.1rx.io sync.bfmio.com sync.intentiq.com sync.search.spotxchange.com sync.smartadserver.com tags.rd.linksynergy.com t.co thetoppscompany.sjv.io ucm-us.verint-cdn.com um.simpli.fi ups.analytics.yahoo.com us-u.openx.net www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.ojrq.net x.dlx.addthis.com x.bidswitch.com x.bidswitch.net cdn.sweettooth.io platform.smile.io js.smile.io; connect-src 'self' *.amplitude.com analytics.google.com analytics.foresee.com api.mypurecloud.com api-cdn.mypurecloud.com api-cdn.usw2.pure.cloud api.usw2.pure.cloud api.mapbox.com api.storepoint.co c.riskified.com cdn.cookielaw.org cdn.noibu.com cdn.storepoint.co events.mapbox.com fileupload.mypurecloud.com fileupload.usw2.pure.cloud geolocation.onetrust.com wss://input.noibu.com input.noibu.com *.clarity.ms pagead2.googlesyndication.com sc-static.net sgmntapi.topps.com sgmntcdn.topps.com sockjs-us3.pusher.com stats.g.doubleclick.net stats-1.storepoint.co thetoppscompany.sjv.io tr.snapchat.com tr6.snapchat.com ucm-us.verint-cdn.com um.simpli.fi wss://webmessaging.mypurecloud.com wss://webmessaging.usw2.pure.cloud wss://ws-us3.pusher.com www.facebook.com www.google.com www.google-analytics.com vercel.live vitals.vercel-insights.com platform.smile.io; frame-src 'self' apps.usw2.pure.cloud *.fls.doubleclick.net form.jotform.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net thetoppscompany.sjv.io tr.snapchat.com www.googletagmanager.com www.google.com www.youtube.com apps.mypurecloud.com/ player.vimeo.com; media-src 'self' ripped.topps.com; worker-src 'self' blob: |
| Date | Mon, 21 Apr 2025 05:25:27 GMT |
| Content-Type | text/html; charset=utf-8 |
| Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=6.04WGjm7fDG9PeO93xW3KXalhEkUoyQchvIp3HSuUY-1745213127-1.0.1.1-ELlHuZePzkNE0HvTuDdYgdLvPub4FZGkNO_7qKfYfC2OmbnIUbFFTvBgM3ZcTMRwbJ7Pei392AMY6XqXpZtWbZw1sPJEMZRtm7kG8dG3MFMgsSAKObzxbsqz8JwNO_afGP08kDZTzTq18Nqee9TAc2wL6g1BVwoa6SPqHCf8ta7KabqrSbDv8mF_13T39535w_U5DtoU_5hKTxbdWy1WYw"}],"group":"cf-mlsiskjnzeytwzmm","max_age":86400} |
| Server | cloudflare |
| Age | 0 |
| X-Matched-Path | / |
| X-Powered-By | Next.js |
| X-Split-User | ba9a8cee-ec2a-4232-825f-36011ea5297c |
| X-Vercel-Cache | MISS |
| X-Vercel-Id | fra1::iad1::m7wnt-1745213126534-9b6b8589dae8 |
| Connection | keep-alive |
| Cf-Cache-Status | DYNAMIC |
| Access-Control-Allow-Origin | * |
| Alt-Svc | h3=":443"; ma=86400 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar