Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
connect-src; img-src; script-src; +9 more
connect-src *.onetrust.com cdn.cookielaw.org 'self' *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.onetrust.com cdn.cookielaw.org bam.nr-data.net bam-cell.nr-data.net www.google.com/recaptcha/ api-eu.cr-dev.com api-us.cr-dev.com cr-worldwide-assets.s3.amazonaws.com cr-asset-hosting.s3.amazonaws.com d18ky1najc957h.cloudfront.net; img-src cdn.cookielaw.org 'self' cdn.cookielaw.org dsn08qfebpsta.cloudfront.net d3i71e3tjxol3q.cloudfront.net www.google-analytics.com www.googletagmanager.com p.typekit.net my-rewards.co.uk cr-asset-hosting.s3.amazonaws.com cr-asset-hosting.s3.eu-west-1.amazonaws.com i.vimeocdn.com cdn.worldwide-rewards.com www.my-rewards.co.uk cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net data: blob:; script-src 'self' 'strict-dynamic' 'report-sample' js-agent.newrelic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.cookielaw.org use.typekit.net cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net 'nonce-XCuH5atiVCqowp/D0EJqIg=='; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com use.typekit.net p.typekit.net www.gstatic.com use.fontawesome.com cdn.my-rewards.co.uk cdn.worldwide-rewards.com cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net; font-src 'self' use.typekit.net fonts.gstatic.com www.worldwide-rewards.com d3i71e3tjxol3q.cloudfront.net my-rewards.co.uk use.fontawesome.com cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net; frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https://player.vimeo.com https://www.youtube.com cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net; frame-ancestors 'self' cdn.my-rewards.co.uk dsn08qfebpsta.cloudfront.net; form-action 'self'; default-src 'self'; object-src 'none'; upgrade-insecure-requests; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb7a59fca026e2820b25fa8714def42b7&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Amyrewards
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(), camera=(), microphone=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
3 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Vary
Performance
origin
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"d378b85701af1b99b79bb2f038a6a766"
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Runtime
Server
0.151763
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
__cf_bm=zqb2BAuiPXVdUb7uyUkaOZse.nX2JCz9gN5oTQPxXos-1769067033.3249807-1.0.1.1-as7TKwIhOpNQ0XMes6xoS6eOhmgFMPvomn8tH9kp328kriuohUH6PtZPiCW61P8zLUpJgj_e3.ZK4JQlsJ2KNRaSUsEQAAR5jxJzFrWL4.6dJVhKCWNToBb3NQGl7DMK; HttpOnly; Secure; Path=/; Domain=delta.prod.360insights.io; Expires=Thu, 22 Jan 2026 08:00:33 GMT
Other Headers
9 headers
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c1d58be4fe3d6b3-IAD
Date
Other
Thu, 22 Jan 2026 07:30:34 GMT
Status
Other
200 OK
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Rack-Cache
Other
miss
X-Rack-Cors
Other
miss; no-origin
X-Request-Id
Other
68ed8f7e-73ac-4c85-9088-2bad72d7c4e9
Recommendations
Enable compression (gzip/brotli) to improve performance