Open
Cached
·
just now
29
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000; includeSubdomains;preload
Content-Security-Policy
Basic
default-src; script-src; img-src; +6 more
default-src 'self' data: gap: ws: wss: blob: https://api-js.datadome.co https://*.google-analytics.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.gstatic.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.optimizely.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.typekit.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.quadpay.com https://*.shopperapproved.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.adobeaemcloud.com https://*.smartystreets.com https://*.smarty.com https://*.microsoft.com https://*.wistia.com https://*.wistia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nr-data.net https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://connect.facebook.net https://*.clarity.ms https://d-ipv6.mmapiws.com https://*.sharpen.cx https://*.sharpencx.com https://*.fortawesome.com https://*.newrelic.com https://*.googleusercontent.com https://*.bing.com https://*.mmapiws.com https://*.posthog.com https://m1.openfpcdn.io https://*.ssl.cf2.rackcdn.com https://js.captcha-display.com https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://*.salecycle.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.tt.omtrdc.net https://*.omnitagjs.com https://*.adgrx.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.listrakbi.com https://*.emjcd.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rakuten.com https://omnicard.com https://www.omnicard.com https://*.rd.linksynergy.com https://www.google.co.in https://t.lt02.net https://cdn.listrakbi.com https://intljs.rmtag.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://*.kore.ai https://*.shareasale.com https://*.niceincontact.com https://cdn.jsdelivr.net https://*.adyen.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.sentry.io https://*.wisepops.com https://*.px-cloud.net https://*.px-cdn.net https://*.pxchk.net https://id5-sync.com https://lbs.eu-1-id5-sync.com https://*.wisepops.net https://wisepops.net https://*.ada.support https://testing.conversionteam.com https://api.adtraction.net https://cnv.adt623.net https://log.adtraction.fail;script-src 'self' 'unsafe-inline' 'unsafe-eval' nonce-l-NjL0Hm00yqhriGLLlf8w data: gap: ws: wss: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://device.maxmind.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.microsoft.com https://*.adobeaemcloud.com https://*.adobedtm.com https://cdn.id5-sync.com https://*.demdex.net https://edge.adobedc.net https://unpkg.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://gsap.com https://*.google-analytics.com https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.smartystreets.com https://*.smarty.com https://*.shopperapproved.com https://*.wistia.com https://*.wistia.net https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://greensock.com https://connect.facebook.net https://*.clarity.ms https://*.sharpen.cx https://use.fonticons.com https://*.newrelic.com https://*.posthog.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.xg4ken.com https://*.listrakbi.co https://*.sentry-cdn.com https://*.rd.linksynergy.com https://*.googleadservices.com https://*.doubleclick.net https://*.listrakbi.com https://*.googlesyndication.com https://t.lt02.net https://intljs.rmtag.com https://analytics.tiktok.com https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://js.sentry-cdn.com https://*.gstatic.com https://*.shareasale.com https://*.niceincontact.com https://*.wisepops.net https://*.wisepops.com https://wisepops.net https://*.ada.support https://*.kore.ai https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net https://*.px-cloud.net https://valuesportal.com https://cdn.adt348.net https://gtm.adt313.net https://cnv.adt623.net;img-src 'self' data: blob: https://google.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.adobeaemcloud.com https://*.adobedtm.com https://id5-sync.com https://p.veritone-ce.com https://ad.yieldlab.net https://*.demdex.net https://edge.adobedc.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.shopperapproved.com https://*.gstatic.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://*.day.com https://greensock.com https://*.clarity.ms https://*.googleusercontent.com https://*.bing.com https://*.cloudflare.com https://*.ssl.cf2.rackcdn.com https://*.google-analytics.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://data.adxcel-ec2.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.listrakbi.com https://*.bidswitch.net https://*.smartadserver.com https://*.taboola.com https://*.socdm.com https://*.casalemedia.com https://*.dable.io https://*.adingo.jp https://*.360yield.com https://*.media.net https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.ad.smaato.net https://*.clmbtech.com https://*.3lift.com https://*.1rx.io https://*.adnxs.com https://*.teads.tv https://*.ads.yieldmo.com https://sync.aralego.com https://cdn.aralego.net https://sync.ad-stir.com https://ad.as.amanad.adtdp.com https://*.send.microad.jp https://*.bluekai.com https://creativecdn.com https://sync.targeting.unrulymedia.com https://public-prod-dspcookiematching.dmxleo.com https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.omnitagjs.com https://*.adgrx.com https://cm.g.doubleclick.net https://sync.srv.stackadapt.com https://sync-tm.everesttech.net https://*.adform.net https://*.simpli.fi https://*.ybp.yahoo.com https://*.turn.com https://*.analytics.yahoo.com https://*.dotomi.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rd.linksynergy.com https://bh.contextweb.com https://sync.crwdcntrl.net https://*.v.fwmrm.net https://ws.rgtrk.eu https://www.google.co.in https://thrtle.com https://a.usbrowserspeed.com https://match.prod.bidr.io https://he.lijit.com https://email.traversedlp.com https://cdn.listrakbi.com https://pixel-config.reddit.com https://alb.reddit.com https://pm.w55c.net https://p.rfihub.com https://pippio.com https://sync.graph.bluecava.com https://*.thebrighttag.com https://mid.rkdms.com https://*.redinuid.imrworldwide.com https://*.disqus.com https://*.lijit.com https://*.springserve.com https://*.kore.ai https://*.shareasale.com https://*.nimbledeals.com https://*.adyen.com https://*.ada.support https://*.klarna.com https://cdn.valuesportal.com https://log.adtraction.fail;frame-ancestors 'self' https://*.paypal.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.adobedtm.com https://*.giftcardsstage.com;style-src 'self' data: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.googleapis.com https://*.googletagmanager.com https://google.com https://*.google.com https://*.typekit.net https://*.gstatic.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.shopperapproved.com https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://*.sharpen.cx https://use.fonticons.com https://*.fortawesome.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.googleadservices.com https://*.doubleclick.net https://cdn.listrakbi.com https://*.niceincontact.com https://*.ada.support https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net 'unsafe-inline';frame-src 'self' https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://egift.activationspot.com https://*.blackhawknetwork.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nsureapi.com https://api.sardine.ai https://www.securesuite.co.uk https://www.rsa3dsauth.co.uk https://api.sandbox.sardine.ai https://pay.google.com https://collect.giftcards.com https://*.wistia.com https://*.wistia.net https://*.adobeaemcloud.com https://consent-pref.trustarc.com https://*.google.com https://google.com https://connect.facebook.net https://www.facebook.com https://*.sharpen.cx https://*.paypalobjects.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.salecycle.com https://*.adsrvr.org https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.linksynergy.com https://*.criteo.com https://*.criteo.net https://*.rokt.com https://*.googleadservices.com https://*.doubleclick.net https://*.emjcd.com https://fpt.dfp.microsoft.com https://*.googletagmanager.com https://*.adyen.com https://*.klarna.com https://*.niceincontact.com https://*.klarnaservices.com https://*.arcot.com https://*.icicibank.com https://*.klarnacdn.net https://*.ada.support data: blob:;worker-src 'self' https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.adyen.com https://*.klarna.com data: blob:;object-src 'none';base-uri 'self';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
X-Device-Type,X-Business-Context,X-Locale-Path,X-Store-Code,X-Cache-Disable,Accept-Encoding,Origin
Caching Headers
4 headers
Age
Caching
0
Cache-Control
Caching
max-age=600,s-max-age=7200,stale-while-revalidate=90000,stale-if-error=108000
Etag
Caching
"10cf76-646e81ed32f0d"
Last-Modified
Caching
Sat, 27 Dec 2025 05:17:03 GMT
Content Headers
2 headers
Content-Length
Content
1101686
Content-Type
Content
text/html;charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
gcloc=US-VA; path=/; secure
Other Headers
15 headers
Date
Other
Sat, 27 Dec 2025 07:06:57 GMT
Feature-Policy
Other
geolocation 'self'; camera 'self'
Host
Other
www.giftcards.com
Via
Other
1.1 varnish
X-Andor-Domain
Other
www.giftcards.com
X-Business-Context
Other
bhn
X-Cache
Other
MISS, MISS
X-Cache-Hits
Other
0
X-Device-Type
Other
desktop
X-Enabled-Locales
Other
en_US,en_CA,fr_CA,en_GB
X-Locale-Path
Other
uk/en
X-Served-By
Other
cache-iad-kiad7000093-IAD, cache-ewr-kewr1740021-EWR
X-Store-Code
Other
gift_cards_uk_en
X-Timer
Other
S1766819218.833421,VS0,VE25
X-Vhost
Other
publish
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 692ms