| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Frame-Options | DENY |
| Date | Tue, 08 Apr 2025 11:16:08 GMT |
| Cache-Control | no-cache, no-store, stale-if-error=0, max-age=0 |
| Vary | Accept-Encoding |
| Via | 1.1 52565866975cd7c0daa261ea0388bad4.cloudfront.net (CloudFront) |
| X-Amz-Cf-Pop | AMS58-P4 |
| Report-To | {"group":"csp-endpoint","max_age":2592000,"endpoints":[{"url":"/int-api/client-error-csp"}]} |
| Server | istio-envoy |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Content-Security-Policy | frame-ancestors 'none'; default-src 'self' blob:; worker-src blob:; img-src *.monetate.org t.co google.co.zw *.g.doubleclick.net *.googleusercontent.com *.google.co.uk *.2mdn.net *.doubleclick.net *.adnxs.com ib.adnxs.com google.com.tr *.google.ro *.google.com.hk google.com.hk google.com.sg google.gr google.ch google.dk google.bf google.gg google.kz google.com.cy google.lk google.es google.com.ph google.je google.no awin1.com *.awin1.com zenaps.com www.zenaps.com *.zenaps.com *.twitter.com twitter.com analytics.twitter.com *.clarity.ms *.bing.com *.contentsquare.net *.facebook.net data: http://sb.monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.amazonaws.com geo-tracker.smadex.com *.monetate.net travisperkins.scene7.com *.travisperkins.co.uk https://www.travisperkins.co.uk dam-assets.apps.travisperkins.group *.dam-assets.apps.travisperkins.group google-analytics.com www.google-analytics.com *.google-analytics.com maps.googleapis.com maps.gstatic.com *.adservice.google.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com ad.doubleclick.net *.powerreviews.com p-eu.brsrvr.com *.demoup.com *.doubleclick.net ct.pinterest.com *.ct.pinterest.com pinterest.com t.co www.facebook.com *.facebook.com *.mediaiqdigital.com bat.bing.com res.cloudinary.com wss://*.hotjar.com *.c.contentsquare.net increasingly.co www.increasingly.co *.increasingly.co gstatic.com www.gstatic.com *.gstatic.com google.pt adservice.google.pt *.adservice.google.pt google.com *.google.com google.com.ua *.google.com.ua google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie *.livechatinc.com *.youtube.com pixel-autofeed-custom-endpoint.uc.r.appspot.com assets.sc-trc.com brxcdn.com; object-src 'none'; frame-src 'self' *.monetate.net *.livechatinc.com *.fls.doubleclick.net *.doubleclick.net pirbright.ac.uk *.pirbright.ac.uk www.pinterest.com *.pinterest.com www.pinterest.co.uk *.pinterest.co.uk www.pinterest.de *.pinterest.de www.pinterest.ie *.pinterest.ie *.travisperkins.co.uk https://www.travisperkins.co.uk www.facebook.com *.facebook.com pp.eshapay.net pp.ephapay.net dntcl.qualaroo.com *.doubleclick.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com vars.hotjar.com googleadservices.com www.googleadservices.com *.googleadservices.com www.youtube.com *.youtube.com googletagmanager.com www.googletagmanager.com *.googletagmanager.com pay.google.com *.salecycle.com https://*.soreto.com; font-src 'self' *.amazonaws.com m7cdn.io *.m7cdn.io https://www.travisperkins.co.uk *.travisperkins.co.uk *.alicdn.com fonts.gstatic.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk data: data; connect-src 'self' *.monetate.net *.livechatinc.com *.googlesyndication.com *.sciencebehindecommerce.com analytics.tiktok.com *.noibu.com wss://input.noibu.com *.clarity.ms maps.googleapis.com bat.bing.com *.contentsquare.net *.c.contentsquare.net *.feedspark.com www.facebook.com *.facebook.com *.increasingly.com *.increasingly.co *.hotjar.com wss://*.hotjar.com vc.hotjar.io *.onetrust.com *.amazonaws.com api.woosmap.com *.demoup.com *.powerreviews.com ct.pinterest.com *.ct.pinterest.com google-analytics.com www.google-analytics.com *.google-analytics.com analytics.google.com adservice.google.com google.com *.google.com *.doubleclick.net *.g.doubleclick.net *.travisperkins.co.uk api.edq.com stats.g.doubleclick.net *.stats.g.doubleclick.net prf.audiencemanager.de *.prf.audiencemanager.de *.audiencemanager.de google.com *.google.com google.com.ua *.google.com.ua google.co.uk *.google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie atr-eu.veritonicmetrics.com api.uk.exponea.com *.salecycle.com wss://ws.salecycle.com https://*.soreto.com; style-src 'self' 'unsafe-inline' api.content.travisperkins.co.uk *.monetate.net *.userconversion.com m7cdn.io *.m7cdn.io dev.m7cdn.io increasingly.co www.increasingly.co *.increasingly.co fonts.googleapis.com ui.powerreviews.com events.demoup.com cdn.parcellab.com *.cdn.parcellab.com *.livechatinc.com *.youtube.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.woosmap.com *.monetate.org *.pinimg.com www.zenaps.com *.brcdn.com *.qualaroo.com *.sciencebehindecommerce.com m7cdn.io *.brcdn.com *.adnxs.com *.googlesyndication.com analytics.tiktok.com *.tiktok.com *.facebook.net *.lavurtis.com lavurtis.com zenaps.com *.zenaps.com www.googleadservices.com *.noibu.com *.clarity.ms *.contentsquare.net app.contentsquare.com *.audiencemanager.de *.feedspark.com akt.audiencemanager.de api-internal.js *.demoup.com mpsnare.iesnare.com ui.powerreviews.com *.travisperkins.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com google-analytics.com www.google-analytics.com *.google-analytics.com www.googletagservices.com googleadservices.com www.googleadservices.com *.googleadservices.com maps.googleapis.com *.doubleclick.net ad.doubleclick.net *.ad.doubleclick.net *.monetate.net monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.hotjar.com www.dwin1.com cl.qualaroo.com ct.pinterest.com *.ct.pinterest.com increasingly.co www.increasingly.co *.increasingly.co connect.facebook.net *.connect.facebook.net static.ads-twitter.com *.ads-twitter.com analytics.twitter.com *.analytics.twitter.com s.pinimg.com bat.bing.com cdns.brsrvr.com *.cdns.brsrvr.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net *.g.doubleclick.net static.demoup.com *.static.demoup.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk google.com *.google.com *.livechatinc.com *.youtube.com cdn.veritonic.com api.uk.exponea.com static.powerreviews.com cdn.parcellab.com *.salecycle.com mymachine.salecycle.com:8080 https://*.soreto.com; media-src 'self' blob: *; ; report-uri /int-api/client-error-csp; report-to csp-endpoint |
| X-Xss-Protection | 0 |
| X-Content-Type-Options | nosniff |
| X-Envoy-Upstream-Service-Time | 2 |
| Connection | keep-alive |
| Access-Control-Allow-Credentials | true |
| X-Amz-Cf-Id | WXQyZDmP-dnapJ98pWgqaPRqEulimJteWMYvHjGTAoCJvV4cBQM8FA== |
| Etag | W/"271a-RIqdTpoUdnUbTrFznlh8DnixjDM" |
| X-Cache | Miss from cloudfront |
| Content-Type | text/html; charset=utf-8 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar