| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Type | text/html; charset=UTF-8 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Content-Security-Policy-Report-Only | default-src 'self' f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io llhls-live.akamaized.net *.amplitude.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net browser-intake-datadoghq.com *.g.doubleclick.net *.elfsight.com www.facebook.com s-usc1f-nss-6502.firebaseio.com tracking-api.g2.com *.google.com *.google.ca *.google.com.br *.analytics.google.com *.google-analytics.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com *.hivestreaming.com 117151225.intellimizeio.com api.intellimize.co cdn.intellimize.co log.intellimize.co *.kollective.app snap.licdn.com px.ads.linkedin.com linkedin.com sticker.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com t.paypal.com data.pendo.io *.pndsn.com privacyportal.onetrust.com privacyportal-cdn.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com cds-web-2.ap.sd-rtn.com sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net telemetry.transcend.io transcend-cdn.com *.vimeo.com vimeo.com *.vimeo.work *.vimeocdn.com cdn.widerfunnel.com *.wirewax.com *.zdassets.com vimeosupport.zendesk.com ws.zoominfo.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net fonts.gstatic.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net *.videoji.cn f.vimeocdn.com edge-assets.wirewax.com; frame-src 'self' bat.bing.com challenges.cloudflare.com td.doubleclick.net 3600063.fls.doubleclick.net *.g.doubleclick.net www.facebook.com vimeo-live-streamhealth-prod.firebaseapp.com vimeo-chat.firebaseapp.com vimeo-live-composer-prod.firebaseapp.com s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com *.google.com storage.googleapis.com www.googletagmanager.com 117151225.intellimizeio.com lp.livestream.com www.paypal.com app.qualified.com vimeo.com *.vimeo.com static.zdassets.com us01ccistatic.zoom.us *.zuora.com; img-src * blob: data:; media-src 'self' blob: data: download-video.akamaized.net llhls-live.akamaized.net d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.cdn.magisto.com player.vimeo.com *.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://storage.googleapis.com/vimeo-create-prod-files; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: *.6sc.co app.link bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com www.datadoghq-browser-agent.com securepubads.g.doubleclick.net www.dropbox.com static.elfsight.com *.elfsightcdn.com connect.facebook.net s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com vimeo-chat.firebase.io tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com maps.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com www.googletagservices.com cdn.intellimize.co snap.licdn.com lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com web-sdk-cdn.singular.net transcend-cdn.com *.videoji.cn *.vimeo.com *.vimeocdn.com cdn.widerfunnel.com embedder-sdk.wirewax.com origin-4.xtlo.net static.zdassets.com us01ccistatic.zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.videoji.cn *.vimeo.com *.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction |
| X-Cms-Version | 4.3 |
| Reporting-Endpoints | csp-endpoint='https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction' |
| X-Vserver | web-varnish-889797789-67tpb |
| X-Cache | MISS, MISS |
| Connection | keep-alive |
| X-Frame-Options | sameorigin |
| X-Timer | S1743815767.802746,VS0,VE145 |
| Cf-Ray | 92b532be6f2e0a75-AMS |
| Cache-Control | no-store, max-age=0 |
| Vary | Accept-Encoding, X-Geo-Vary-Group, Crossroads-Backend,x-http-method-override |
| X-Content-Type-Options | nosniff |
| X-Varnish-Cache | 0 |
| Cf-Cache-Status | DYNAMIC |
| Via | 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish |
| X-Bapp-Server | pweb-d4bd796ff-hbn6s |
| X-Vimeo-Device | d |
| Age | 0 |
| X-Backend-Proxy | web-varnish-889797789-67tpb |
| X-Cache-Hits | 0, 0 |
| Date | Sat, 05 Apr 2025 01:16:06 GMT |
| X-Served-By | cache-iad-kjyo7100050-IAD, cache-rtm-ehrd2290045-RTM |
| X-Ua-Compatible | IE=edge |
| X-Xss-Protection | 1; mode=block |
| Server | cloudflare |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar