| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| X-Esi | 1 |
| X-Frame-Options | SAMEORIGIN |
| X-Platform-Server | i-0c498e351fc8077fb |
| X-Xss-Protection | 1; mode=block |
| Content-Type | text/html; charset=UTF-8 |
| Age | 37441 |
| Date | Mon, 21 Apr 2025 21:37:30 GMT |
| X-Cache | MISS, HIT, HIT |
| X-Cache-Hits | 0, 210, 0 |
| Cache-Control | no-store, no-cache, must-revalidate, max-age=0 |
| Expires | Tue, 22 Apr 2025 11:13:29 GMT |
| Content-Security-Policy | upgrade-insecure-requests; |
| Traceresponse | 00-18385115a62abda9a31f99cc229d1ff5-6a18f0ffa51c3c3e-01 |
| X-Timer | S1745234009.028931,VS0,VE623 |
| X-Debug-Info | eyJyZXRyaWVzIjowfQ== |
| Pragma | cache |
| Vary | Accept-Encoding,vuk_is_ajax,Cookie |
| Connection | keep-alive |
| Content-Security-Policy-Report-Only | font-src fonts.gstatic.com use.typekit.net *.fontawesome.com www.searchanise.com *.searchserverapi.com staticw2.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com www.searchanise.com *.searchserverapi.com *.twitter.com secure.livechatinc.com widget.trustpilot.com frame.hubbox.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com services.postcodeanywhere.co.uk *.google-analytics.com *.analytics.google.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net magento-recs-sdk.adobe.net www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net searchanise-ef84.kxcdn.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com cdn.cookie-script.com cdn.livechatinc.com api.livechatinc.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net widget.trustpilot.com searchserverapi.com cpage11112.pcapredict.com services.postcodeanywhere.co.uk *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com *.twitter.com services.postcodeanywhere.co.uk *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com api.amplitude.com stats.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net services.postcodeanywhere.co.uk api.livechatinc.com *.google-analytics.com *.analytics.google.com mcprod.vapeuk.co.uk *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; |
| Accept-Ranges | none |
| X-Served-By | cache-lhr-egll1980045-LHR, cache-lhr-egll1980045-LHR, cache-ams21063-AMS |
| Strict-Transport-Security | max-age=31557600 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar