| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Xss-Protection | 0 |
| X-Permitted-Cross-Domain-Policies | none |
| Content-Type | text/html; charset=utf-8 |
| Access-Control-Allow-Origin | https://www.trademe.co.nz |
| Accept-Ranges | bytes |
| Strict-Transport-Security | max-age=31536000 |
| Pragma | no-cache |
| Cache-Control | private,no-store,max-age=0,no-cache,must-revalidate |
| Referrer-Policy | strict-origin-when-cross-origin |
| Content-Security-Policy | default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com ipropertyexpress.com virtual-tour.ipropertyexpress.com app.envisionvr.net realsee.ai realsee.jp https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.app.trade.me vimeo.com *.vimeo.com cdn.diakrit.com livetour.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com static.instavid360.com/ storage.googleapis.com www.google.com www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net *.adtrafficquality.google www.googletagmanager.com www.adsensecustomsearchads.com syndicatedsearch.goog *.trademepayments.co.nz:* *.pingauth.trademe.co.nz:* *.ping.trademe.co.nz:* mfa.trademe.co.nz mfa-test.trademe.co.nz;font-src 'self' data: www.trademe.co.nz fonts.googleapis.com fonts.gstatic.com *.appsflyer.com;img-src 'self' data: blob: trademe.test.tmcdn.co.nz www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com staticcdn.co.nz *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://api.trademe.co.nz/graphql/ trademe-prod-cdn.global.ssl.fastly.net *.trademe.co.nz images.tmsandbox.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com *.adtrafficquality.google www.adsensecustomsearchads.com syndicatedsearch.goog *.appsflyer.com impressions.onelink.me api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com static.instavid360.com/;media-src static.instavid360.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-+Xrd2JXp+0v4CPJh8ItTesF4UTNEiX7+FUkwX05k96U=' 'sha256-Py186oukusDqeFGW6aca+n3KdTRYvKAqZT5quwQOtTg=' 'report-sample' staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com www.gstatic.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org *.adtrafficquality.google trademe.cdn.fuseplatform.net cdn.jsdelivr.net/gh/prebid/ www.adsensecustomsearchads.com syndicatedsearch.goog *.appsflyer.com *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://api.trademe.co.nz/graphql/ *.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.tmcdn.co.nz *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn google.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google trademe.cdn.fuseplatform.net cdn.jsdelivr.net/gh/prebid/ www.adsensecustomsearchads.com syndicatedsearch.goog *.appsflyer.com *.afterpay.com api.amplitude.com *.app.trade.me *.trademe.co.nz *.nr-data.net api.topsort.com/v2/events;child-src 'self';worker-src 'self';object-src 'none';report-uri https://www.trademe.co.nz/a/csp-report-uri |
| X-Ua-Compatible | IE=Edge |
| Alt-Svc | h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 |
| X-Content-Type-Options | nosniff |
| X-Dns-Prefetch-Control | off |
| Expect-Ct | max-age=0, report-uri="https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd&sentry_release=frend--ce06d1a9" |
| X-Enable-Segment | 0 |
| Date | Sun, 06 Apr 2025 20:02:06 GMT |
| Connection | keep-alive |
| X-Frame-Options | SAMEORIGIN |
| X-Download-Options | noopen |
| Vary | Origin, Accept-Encoding, x-enable-segment |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar