| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Server | Apache |
| Content-Language | en |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
| Date | Sun, 06 Apr 2025 13:14:10 GMT |
| Cache-Control | must-revalidate, no-cache, private |
| X-Drupal-Dynamic-Cache | UNCACHEABLE |
| X-Content-Type-Options | nosniff |
| Content-Security-Policy | default-src 'self'; script-src 'self' analytics.tiktok.com wcs.naver.net *.spring.wfp.org cdn.wfp.org *.jwplatform.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com survey.g.doubleclick.net *.doubleclick.net *.adalyser.com *.jwpcdn.com www.gstatic.com adservice.google.com connect.facebook.net www.facebook.com squizlabs.github.io cdnjs.cloudflare.com unpkg.com cdn.sparkcentral.com *.smooch.io *.user1st.info www.googleadservices.com bat.bing.com sixeleven.involve.me assets.juicer.io *.typekit.net *.hotjar.com *.hotjar.io platform.twitter.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.spring.wfp.org cdn.wfp.org tagmanager.google.com fonts.googleapis.com *.bootstrapcdn.com squizlabs.github.io cdn.sparkcentral.com *.user1st.info assets.juicer.io *.typekit.net; img-src 'self' blob: https: data:; media-src 'self' content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com cdn.sparkcentral.com *.user1st.info blob:; frame-src 'self' *.jwpsrv.com www.google.com survey.g.doubleclick.net *.doubleclick.net cdn.knightlab.com forms.office.com content.jwplatform.com *.user1st.info www.youtube-nocookie.com sixeleven.involve.me saveful.com *.hotjar.com *.hotjar.io datawrapper.dwcdn.net platform.twitter.com a26943920264.cdn.optimizely.com a26943920264.cdn-pci.optimizely.com https://www.googletagmanager.com; child-src 'self' blob:; font-src 'self' cdn.wfp.org *.jwpcdn.com fonts.gstatic.com *.bootstrapcdn.com cdn.sparkcentral.com *.user1st.info static.juicer.io *.typekit.net *.hotjar.com *.hotjar.io data:; connect-src 'self' data: analytics.tiktok.com wcs.naver.com tiles.arcgis.com spring.wfp.org *.spring.wfp.org cdn.wfp.org geonode.wfp.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com analytics.google.com api.mapbox.com geoip.nekudo.com api.ipify.org api.ip2country.info mycountry.picktek.org content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com acr.api.spring.wfp.org cdn.sparkcentral.com *.smooch.io *.user1st.info stats.g.doubleclick.net fh.mg.wfp.org geoip.maxmind.com www.juicer.io juicer.io graph.facebook.com *.typekit.net *.sentry.io bat.bing.com *.hotjar.com *.hotjar.io *.jwpltx.com logx.optimizely.com *.optimizely.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com 'self' ws: https://o274918.ingest.sentry.io/api/5249464/store/ https://o274918.ingest.sentry.io/api/5249464/envelope/; upgrade-insecure-requests |
| Strict-Transport-Security | max-age=2592000 |
| Content-Type | text/html; charset=UTF-8 |
| Link | <https://www.wfp.org/>; rel="alternate"; hreflang="en", <https://ar.wfp.org/>; rel="alternate"; hreflang="ar", <https://fr.wfp.org/>; rel="alternate"; hreflang="fr", <https://es.wfp.org/>; rel="alternate"; hreflang="es", <https://zh.wfp.org/>; rel="alternate"; hreflang="zh-hans", <https://fa.wfp.org/>; rel="alternate"; hreflang="fa", <https://de.wfp.org/>; rel="alternate"; hreflang="de", <https://it.wfp.org/>; rel="alternate"; hreflang="it", <https://ja.wfp.org/>; rel="alternate"; hreflang="ja", <https://ko.wfp.org/>; rel="alternate"; hreflang="ko", <https://ru.wfp.org/>; rel="alternate"; hreflang="ru" |
| Expires | Sun, 19 Nov 1978 05:00:00 GMT |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Drupal-Cache | HIT |
| Connection | keep-alive |
| X-Permitted-Cross-Domain-Policies | none |
| Access-Control-Expose-Headers | * |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar