| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Accept-Ranges | bytes |
| X-Cache-Hits | 0, 19, 0 |
| Vary | Accept-Encoding,Cookie |
| X-Platform-Server | i-00e0f1cb25f69c21a |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| Expires | Wed, 16 Apr 2025 21:01:38 GMT |
| X-Cache | MISS, HIT, HIT |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Content-Type | text/html; charset=UTF-8 |
| Content-Security-Policy-Report-Only | font-src fonts.gstatic.com use.typekit.net *.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.google.com *.zmags.com *.espssl.com *.virtooal.com *.paypal.com *.googletagmanager.com *.zopim.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.searchspring.net *.viemo.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.getfastr.com *.narvar.com *.narvar.qa *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.facebook.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com widgets.sandbox.afterpay.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.authorize.net *.facebook.com *.zmags.com *.doubleclick.net *.virtooal.com *.iglobalstores.com *.pinterest.com *.webeyez.com *.apptrian.com *.zopim.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.googleapis.com *.searchspring.net *.viemo.com *.gstatic.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.ehappify.com *.weltpixel.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com landofcoder.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google.com *.zmags.com *.zonos.com *.bing.com *.pinterest.com *.google.co.in *.clarity.ms *.cloudfront.net *.cocoreefswim.com *.tyr.com *.espssl.com *.listrakbi.com *.facebook.net *.googletagmanager.com *.postcodeanywhere.co.uk *.doubleclick.net *.shareasale.com *.beachhouseswim.com *.beach2ocean.com cfvod.kaltura.com *.cookielaw.org *.rakuten.com *.linksynergy.com *.xg4ken.com *.amazonaws.com *.narvar.com *.narvar.qa https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.google.com *.zmags.com *.listrakbi.com *.searchspring.net *.zonos.com *.pinimg.com *.bing.com *.iglobalstores.com *.cloudfront.net *.dwin1.com *.clarity.ms *.newrelic.com *.nr-data.net *.g.doubleclick.net *.pcapredict.com *.postcodeanywhere.co.uk *.zendesk.com *.zdassets.com *.virtooal.com *.listrak.com *.zopim.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.google.co.in cdnapisec.kaltura.com code.jquery.com *.webeyez.com *.facebook.com *.xtento.com *.apptrian.com *.googletagmanager.com *.viemo.com *.google-analytics.com *.paypalobjects.com *.cloudflare.com *.cookielaw.org *.auglio.com *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.searchspring.io *.spring.citi.com *.barilliance.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com landofcoder.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.google.com *.typekit.net *.zmags.com *.listrakbi.com *.searchspring.net *.postcodeanywhere.co.uk *.virtooal.com *.facebook.com egiftifymerchantassets.s3.amazonaws.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.amazonaws.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net *.zmags.com *.listrakbi.com *.listrak.com *.zonos.com *.clarity.ms *.nr-data.net *.cloudflare.com *.pinterest.com *.g.doubleclick.net *.searchspring.io *.postcodeanywhere.co.uk *.virtooal.com *.zdassets.com *.zendesk.com *.zopim.com *.grin.co wss://widget-mediator.zopim.com widget-mediator.zopim.com *.webeyez.com *.googletagmanager.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.viemo.com *.gstatic.com *.tyr.com *.cookielaw.org *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.addressy.com *.zma.gs *.barilliance.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://beacon.searchspring.io/beacon https://www.google-analytics.com landofcoder.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; |
| Age | 12355 |
| X-Timer | S1744750898.123442,VS0,VE718 |
| Traceresponse | 00-183699b2a0adfafae0e632724e07129e-a4d16a79fd3c976d-01 |
| Date | Wed, 16 Apr 2025 00:27:33 GMT |
| Connection | keep-alive |
| X-Frame-Options | SAMEORIGIN |
| X-Served-By | cache-bfi-kbfi7400037-BFI, cache-bfi-kbfi7400037-BFI, cache-ams21068-AMS |
| Strict-Transport-Security | max-age=31557600 |
| Pragma | cache |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar