us.hsbc.com | Analytics by SecurityHeaders

HTTP Headers report for us.hsbc.com

Header Name Header Data
HTTP status code 200
Server Apache
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
Vary Accept-Encoding
X-Cache Miss from cloudfront
X-Amz-Cf-Pop AMS58-P3
Connection keep-alive
Strict-Transport-Security max-age=31536000; includeSubdomains
Content-Type text/html; charset=utf-8
Last-Modified Mon, 07 Apr 2025 13:56:49 GMT
Accept-Ranges bytes
Cache-Control max-age=60, s-maxage=60, stale-if-error=3600
Via 1.1 5090b605a7b968781de55827dd170bf2.cloudfront.net (CloudFront)
X-Amz-Cf-Id sIV9NkDT-6W_WtmS_U4nV_Es5CHtcZJovt-ax6O-YlDJkmE0F65-dA==
Date Mon, 07 Apr 2025 14:09:09 GMT
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com *.liveperson.com *.cdn-apple.com *.g.doubleclick.net *.brightcove.net *.google-analytics.com *.zencdn.net www.google.com *.v.liveperson.net *.issthk-dev.hsbc.com.hk:*; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk 
rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com *.biocatch.com *.facebook.com *.googletagmanager.com *.liveperson.net *.brightcove.com *.google-analytics.com *.g.doubleclick.net *.execute-api.us-east-1.amazonaws.com *.analytics.google.com *.google.com.sg *.google.cn *.eu.v2.customers.biocatch.com log-b414bfba.us.v2.we-stats.com *.issthk-dev.hsbc.com.hk:*; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net *.online-metrix.net *.facebook.com bid.g.doubleclick.net connect.facebook.net *.v.liveperson.net cdntm.us.hsbc.com; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com *.alicdn.com *.typekit.net *.googleusercontent.com *.avast.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net *.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com *.lpsnmedia.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
S dispatcher3useast2-b80
X-Xss-Protection 1; mode=block

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.