Open
Cached
·
3h ago
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; sandbox; img-src; +8 more
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://trk.vidible.tv https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://res.cloudinary.com https://*.amazon-adsystem.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://static.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://ads.yieldmo.com http://static.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://geo.yahoo.com https://ep1.adtrafficquality.google https://*.facebook.com https://*.kargo.com https://sync.kueezrtb.com https://*.mediago.io https://*.postrelease.com https://*.yellowblue.io https://*.sonobi.com https://*.lijit.com https://*.1rx.io https://*.cootlogix.com https://p.rfihub.com https://www.google.com/s2/favicons; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com https://o.aolcdn.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net https://cdn.taboola.com; connect-src 'self' https://*.engadget.com https://*.liadm.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://ap.lijit.com https://rtb.gumgum.com https://*.openx.net https://*.adtelligent.com https://htlb.casalemedia.com http://ssum-sec.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://api.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.uplynk.com https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.engadget.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://i.clean.gg https://ads.yieldmo.com http://static.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://snippet.affilimate.io/ https://snippet.affilimatejs.com https://pub.affilimateapis.com https://pub-eu.affilimateapis.com https://api.assertcom.de https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://search.yahoo.com https://connect.facebook.net https://*.facebook.com https://sync.kueezrtb.com https://exchange.kueezrtb.com https://sync.go.sonobi.com https://apex.go.sonobi https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://c.aps.amazon-adsystem.com https://*.amazon-adsystem.com https://*.publisher-services.amazon.dev https://vector.hereapi.com https://js.api.here.com https://browser-intake-datadoghq.com https://dataplane.rum.us-east-1.amazonaws.com https://dataplane.rum.us-west-2.amazonaws.com https://mpc-prod-16-s6uit34pua-uk.a.run.app https://hb.emxdgt.com https://prg.smartadserver.com https://reachms.bfmio.com https://targeting.unrulymedia.com https://api.vetted.ai https://api.reefpig.com https://*.rudderstack.com; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=commerce; report-to csp-endpoint;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
Caching Headers
3 headers
Age
Caching
1
Cache-Control
Caching
max-age=0, private
Expires
Caching
-1
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
ATS
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Date
Other
Fri, 09 Jan 2026 12:24:07 GMT
Document-Policy
Other
js-profiling
Link
Other
<//ncp-gw-frontpage.media.yahoo.com>; rel=dns-prefetch, <//ncp-gw-frontpage.media.yahoo.com>; rel=preconnect, <//nexus-gateway-prod.media.yahoo.com>; rel=dns-prefetch, <//nexus-gateway-prod.media.yahoo.com>; rel=preconnect, <//s.yimg.com>; rel=dns-prefetch, <//s.yimg.com>; rel=preconnect, <//consent.cmp.oath.com>; rel=dns-prefetch, <//consent.cmp.oath.com>; rel=preconnect, <//udc.yahoo.com>; rel=dns-prefetch, <//udc.yahoo.com>; rel=preconnect, </_next/static/media/4c5a69d047c2b2dc-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/6563b172ef52338e-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/7553561d3efb1daf-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/bc9b697e70a492ac-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/ca34ace2d968e707-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/f0b1e3f007006b62-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/f35b5e6220b536eb-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", <https://s.yimg.com/cv/apiv2/Commerce/CreamSerum-Pictograms-Light.svg>; rel=preload; as="image", <https://s.yimg.com/cv/apiv2/Commerce/SleepyMoon-Pictograms-Light.svg>; rel=preload; as="image", <https://s.yimg.com/cv/apiv2/Commerce/WalkingShoe-Pictograms-Light.svg>; rel=preload; as="image", <https://s.yimg.com/cv/apiv2/Commerce/CreamWaterSparkles-Pictograms-Light.svg>; rel=preload; as="image", </_next/static/css/f3f9ffed6195e234.css>; rel=preload; as="style", </_next/static/css/8bdf31675e1e5f35.css>; rel=preload; as="style", </_next/static/css/f44f3a65cca3122d.css>; rel=preload; as="style", </_next/static/css/370a2b1e3d3511a9.css>; rel=preload; as="style", </_next/static/css/3d8bfa325bc13f07.css>; rel=preload; as="style", </_next/static/css/8e1f3cf0fabc811e.css>; rel=preload; as="style", </_next/static/css/7b8ffc82c1b6d6e8.css>; rel=preload; as="style", </_next/static/css/5d0dff06eaff1fda.css>; rel=preload; as="style", </_next/static/css/b03ba11674048b4f.css>; rel=preload; as="style", </_next/static/css/dcb6113512072c02.css>; rel=preload; as="style", </_next/static/css/cae619ba0e0906ff.css>; rel=preload; as="style"
X-Aws-Region
Other
us-east-1
X-Yahoo-Page-Type
Other
homepage
Recommendations
Enable compression (gzip/brotli) to improve performance