24 Headers

HTTP Security Headers

Header (Status): Value
Strict-Transport-Security (Present): max-age=31557600
Content-Security-Policy (Weak): upgrade-insecure-requests
X-Frame-Options (Good): SAMEORIGIN
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Missing): Not configured
Permissions-Policy (Missing): Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers
Accept-Ranges (Performance): bytes
Connection (Performance): close
Transfer-Encoding (Performance): chunked
Vary (Performance): Accept-Encoding,Cookie

Caching Headers

4 headers
Age (Caching): 776
Cache-Control (Caching): no-store, no-cache, must-revalidate, max-age=0
Expires (Caching): Tue, 30 Dec 2025 20:18:18 GMT
Pragma (Caching): cache

Content Headers

1 header
Content-Type (Content): text/html; charset=UTF-8

Server Headers

0 headers
No server headers found

CORS Headers

0 headers
No CORS headers found

Cookies Headers

0 headers
No cookies headers found

Other Headers

10 headers
Content-Security-Policy-Report-Only (Other):
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com https://*.abtasty.com api.addressy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests ; form-action login.live.com login.microsoftonline.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; script-src bam.nr-data.net js-agent.newrelic.com cdn.spectrumcustomizer.com js.monitor.azure.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms www.paypal.com www.paypalobjects.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com 
s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://assets.sandbox.eshopworld.com https://assets.eshopworld.com https://*.abtasty.com api.addressy.com https://cdn.spectrumcustomizer.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src assets.xboxservices.com cms-assets.xboxservices.com *.adobe.com 'self' 'unsafe-inline'; img-src images-xboxdesignlab.xbox.com spectrumcustomizer.com cdn.spectrumcustomizer.com api.spectrumcustomizer.com www.colorhexa.com blob: c.bing.com c1.microsoft.com c.xbox.com stospectprodglobal.blob.core.windows.net t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io services.postcodeanywhere.co.uk data: 'self' 'unsafe-inline'; connect-src bam.nr-data.net api.spectrumcustomizer.com cdn.spectrumcustomizer.com spectrumcustomizer.com www.paypal.com browser.events.data.microsoft.com client.spectrumcustomizer.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms q.clarity.ms v.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://geoip-js.com api.addressy.com 'self' 'unsafe-inline';
Date (Other): Mon, 29 Dec 2025 20:31:14 GMT
Traceresponse (Other): 00-1885c90f9f9f054526afea3123f091d3-76a7343e8e7b539f-01
X-Cache (Other): MISS, HIT, MISS
X-Cache-Hits (Other): 0, 56, 0
X-Debug-Info (Other): eyJyZXRyaWVzIjowfQ==
X-Esi (Other): 1
X-Platform-Server (Other): i-9870727a42a50df9
X-Served-By (Other): cache-iad-kcgs7200032-IAD, cache-iad-kcgs7200129-IAD, cache-pdk-kfty8610060-PDK
X-Timer (Other): S1767039498.716700,VS0,VE694

Recommendations

  • Enable compression (gzip/brotli) to improve performance

Analysis completed in 308ms