Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
block-all-mixed-content; default-src; base-uri; +12 more
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.airnewzealand.co.nz musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com *.demdex.net www.everestjs.net oc-cdn-public-oce.azureedge.net https://unpkg.com/[email protected]/dist/chat-adapter.js www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.google-analytics.com analytics.google.com tagmanager.google.com *.doubleclick.net static.hotjar.com script.hotjar.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com upgrade.plusgrade.com s.swiftypecdn.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com yourir.info www.youtube.com s.ytimg.com; style-src 'unsafe-inline' p-airnz.com 'self' oc-cdn-public-oce.azureedge.net fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com upgrade-cdn-prd.plusgrade.com upgrade-prod-cdn.plusgrade.com s.swiftypecdn.com yourir.info; img-src https: data: blob: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com *.kampyle.com i.ytimg.com; font-src p-airnz.com 'self' *.cdn.office.net fonts.googleapis.com fonts.gstatic.com script.hotjar.com data: dhm5hy2vn8l0l.cloudfront.net; media-src 'self' p-airnz.com data:; frame-src 'self' txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz airpointscalculator.co.nz *.airnewzealand.co.nz hotels.airnewzealand.co.nz *.demdex.net www.everestjs.net pixel.everesttech.net au-connect.authsignal.com auth.identity.airnewzealand.com identity.airnewzealand.com oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com www.googletagmanager.com td.doubleclick.net *.google.com *.doubleclick.net vars.hotjar.com nebula-cdn.kampyle.com *.cdn-pci.optimizely.com nz.fltmaps.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com airnz.wufoo.com www.youtube.com; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai p-airnz.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com muscula.herokuapp.com tourismnz.sc.omtrdc.net *.demdex.net *.tt.omtrdc.net identity.airnewzealand.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net blob: pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/ md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com *.optimizely.com https://*.sentry.io s.swiftypecdn.com search-api.swiftype.com yourir.info; object-src 'none'; frame-ancestors 'self' www.airnewzealand.com.au www.airnewzealand.com www.airnewzealand.ca www.airnewzealand.co.uk www.airnewzealand.eu www.airnewzealand.co.jp www.airnewzealand.jp www.airnewzealand.com.sg www.airnewzealand.pf www.airnewzealand.cn www.airnewzealand.com.cn www.airnewzealand.hk www.airnewzealand.com.hk www.airnewzealand.tw www.airnewzealand.com.tw www.airnewzealand.co.kr www.airnewzealand.kr www.grabaseat.co.nz flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz govtbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz; report-uri /csp-report
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
geolocation=(self "https://p-airnz.com"), camera=(), fullscreen=(self "https://www.youtube.com"), accelerometer=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), sync-xhr=(*), usb=(), web-share=(self), clipboard-read=(), clipboard-write=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
3 headers
Cache-Control
Caching
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Expires
Caching
0
Last-Modified
Caching
Thu, 20 Nov 2025 19:00:14 GMT
Content Headers
2 headers
Content-Length
Content
254788
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Alt-Svc
Other
h3=":443"; ma=86400
Date
Other
Thu, 20 Nov 2025 21:44:57 GMT
Via
Other
1.1 68d323cfd4a0f1ae252f92c083654190.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
03ubbJw6NIrgMDMs98cVUBiJsJM7NsIYyy4UcL00pfWQVg_rIUY7LA==
X-Amz-Cf-Pop
Other
IAD89-P2
X-Cache
Other
Miss from cloudfront
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 2211ms