Open
Cached
·
just now
30
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; worker-src; script-src; +9 more
default-src 'self' blob: *.aman-d8.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com cloud.typography.com *.sojern.com 'unsafe-inline' 'unsafe-eval'; worker-src blob: *.aman.com *.rudderlabs.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js *.analytics.google.com s.yimg.jp snap.licdn.com connect.facebook.net d.line-scdn.net p.relay-t.io js.sentry-cdn.com *.yahoo.co.jp *.clarity.ms bat.bing.com cdn.linkedin.oribi.io https://cdn.jsdelivr.net/gh/jonthornton/[email protected]/jquery.timepicker.min.js https://cdn.jsdelivr.net/gh/jackocnr/[email protected]/build/js/intlTelInput-jquery.min.js https://cdn.jsdelivr.net/gh/jackocnr/[email protected]/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/gh/jackocnr/[email protected]/build/js/utils.js fxgate.baidu.com secure-hotel-tracker.com newbooking.azds.com *.cinnox.cn https://*.googletagmanager.com aman-d8.my127.site browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com https://acsbapp.com https://accesswidget-log-receiver.acsbapp.com https://global.localizecdn.com https://js.appboycdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.adsrvr.org https://*.cloudflare.com https://*.metrics.brightcove.com api.mapbox.com js-agent.newrelic.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com https://cdn.jsdelivr.net/gh/jonthornton/[email protected]/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/[email protected]/build/css/intlTelInput.min.css newbooking.azds.com cdnjs.cloudflare.com *.cinnox.cn *.aman-d8.my127.site *.visualwebsiteoptimizer.com app.vwo.com https://use.fontawesome.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; img-src 'self' data: about: *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com https://www.google.com https://www.google.com.uk https://www.google.co.uk https://px.ads.linkedin.com https://cdn.jsdelivr.net/gh/jackocnr/[email protected]/build/img/flags.png bat.bing.com tr.line.me ad.doubleclick.net doubleclick.net www.facebook.com *.clarity.ms newbooking.azds.com dbmajt85xhr99.cloudfront.net controlcenter-p1.synxis.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.bing.com *.linkedin.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com appboy-images.com braze-images.com cdn.braze.eu https://ade.googlesyndication.com *.mapbox.com https://*.cloudflare.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net *.aman-d8.my127.site *.brightcovecdn.com *.media.brightcove.com *.cf.brightcove.com; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.cinnox.cn *.aman-d8.my127.site https://use.fontawesome.com; connect-src 'self' *.aman.com *.boltdns.net *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io sessions.bugsnag.com p.relay-t.io cdn.linkedin.oribi.io pagead2.googlesyndication.com *.clarity.ms newbooking.azds.com *.analytics.google.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site px.ads.linkedin.com am.yahoo.co.jp *.visualwebsiteoptimizer.com app.vwo.com https://cdn.acsbapp.com/config/stage.www.aman.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://sdk.iad-01.braze.com https://sdk.fra-02.braze.eu https://www.facebook.com *.mapbox.com p.typekit.net use.typekit.net fastly-signed-eu-west-1-prod.brightcovecdn.com *.brightcovecdn.com insight.adsrvr.org bat.bing.com apm.yahoo.co.jp https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Cookie,Accept-Encoding
Caching Headers
4 headers
Age
Caching
6756
Cache-Control
Caching
public, max-age=31536000, s-maxage=60, stale-if-error=86400, stale-while-revalidate=86400
Expires
Caching
Sun, 25 Jan 2026 02:49:08 GMT
Last-Modified
Caching
Fri, 23 Jan 2026 02:49:08 GMT
Content Headers
2 headers
Content-Language
Content
en
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
Server
Server
cloudflare
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
15 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
9c249f13eddce621-IAD
Date
Other
Fri, 23 Jan 2026 04:41:54 GMT
Link
Other
<https://www.aman.com/>; rel="alternate"; hreflang="en", <https://www.aman.com/>; rel="alternate"; hreflang="en-gb"
Speculation-Rules
Other
"/cdn-cgi/speculation"
Surrogate-Control
Other
max-age=86400
Via
Other
varnish
X-Ah-Environment
Other
prod
X-Cache
Other
HIT
X-Cache-Hits
Other
2
X-Drupal-Cache
Other
MISS
X-Drupal-Dynamic-Cache
Other
MISS
X-Generator
Other
Drupal 11 (https://www.drupal.org)
X-Request-Id
Other
v-16d22128-f806-11f0-a0f0-e398d03559ad
Recommendations
Enable compression (gzip/brotli) to improve performance