| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Referrer-Policy | no-referrer-when-downgrade |
| Content-Security-Policy | default-src 'self';form-action 'self' *.beaconforms.com www.facebook.com *.turn2us.org.uk turn2us.ebm.ai;frame-ancestors 'self' *.hosted.positive.co.uk admin.t2u.local t2u13-cms-prod.hosted.positive.co.uk *.turn2us.org.uk;frame-src 'self' td.doubleclick.net turn2us.ebm.ai turn2us.beaconforms.com turn2us.eaction.org.uk consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com *.twitter.com *.snapsurveys.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net *.playbuzz.com turn2usuk.charitycheckout.co.uk syntelatewebchatc1.azurewebsites.net *.google.com secure.barclaycard.co.uk *.hotjar.com win.newmode.net js.stripe.com;img-src 'self' data: https: *.googletagmanager.com www.facebook.com *.siteimproveanalytics.io;connect-src 'self' wss://*.hotjar.com *.hotjar.io *.hotjar.com consentcdn.cookiebot.com consent.cookiebot.com region1.google-analytics.com www.google-analytics.com region1.analytics.google.com turn2us.ebm.ai base.newmode.net api.mapbox.com;object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hotjar.io *.hotjar.com www.googleoptimize.com static.beaconproducts.co.uk turn2us.eaction.org.uk consentcdn.cookiebot.com consent.cookiebot.com www.gstatic.com z.moatads.com s.ytimg.com www.youtube.com code.jquery.com cdnjs.cloudflare.com *.addthisedge.com *.addthis.com maps.googleapis.com maps.google.com s7.addthis.com fonts.googleapis.com apis.google.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com platform.twitter.com uk1.siteimprove.com siteimproveanalytics.com cdn.syndication.twimg.com syntelatewebchatc1.azurewebsites.net wwwturn2us-2938.cdn.hybridcloudspan.com *.webspellchecker.net *.playbuzz.com app.charitycheckout.co.uk connect.facebook.net *.google.com secure.barclaycard.co.uk *.hotjar.com turn2us.ebm.ai win.newmode.net base.newmode.net js.stripe.com;style-src 'self' 'unsafe-inline' ws.hotjar.com content.hotjar.io turn2us.ebm.ai base.newmode.net fonts.googleapis.com;worker-src 'self' blob: *.hosted.positive.co.uk admin.t2u.local t2u13-cms-prod.hosted.positive.co.uk *.turn2us.org.uk; |
| Content-Type | text/html; charset=utf-8 |
| Access-Control-Allow-Origin | https://www.turn2us.org.uk |
| Permissions-Policy | accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=() |
| X-Xss-Protection | 1; mode=block |
| Cache-Control | no-store, no-cache, must-revalidate |
| Vary | Accept-Encoding |
| X-Content-Type-Options | nosniff |
| X-Permitted-Cross-Domain-Policies | none |
| X-Ssl-Protocol | TLSv1.3 |
| Connection | keep-alive |
| Date | Sat, 19 Apr 2025 06:40:11 GMT |
| Sversion | PALSS 10.1.1.110222 |
| Scluster | hd1-ams.hybridcloudspan.com |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar