21 Headers
HTTP Security Headers
| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Present | max-age=300 |
| Content-Security-Policy | Basic | script-src; img-src; style-src; +8 more |
| X-Frame-Options | Good | SAMEORIGIN |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |

Full Content-Security-Policy value, one directive per line:

script-src www.google.co.uk 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com *.dwin1.com *.addtoany.com *.bing.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.trustpilot.com *.jquery.com ajax.googleapis.com platform.twitter.com *.adroll.com *.google.com *.facebook.net *.steelhousemedia.com *.qualtrics.com www.googleadservices.com *.uk2group.com maxcdn.bootstrapcdn.com privacy-policy.truste.com www.gstatic.com *.visualwebsiteoptimizer.com www.googletagmanager.com www.google-analytics.com app.yieldify.com *.westhost.com t.trackedlink.net d33wq5gej88ld6.cloudfront.net s.adroll.com tracking.websitealive.com *.hcaptcha.com https://www.googletagmanager.com;
img-src data: 'self' *.thgingenuity.com img.zohostatic.eu match.adsrvr.org *.gstatic.com *.uk2group.com *.bing.com *.gravatar.com *.pingdom.net *.uk2.net p.adsymptotic.com s.w.org csi.gstatic.com cj.dotomi.com widget.trustpilot.com www.privacytrust.com insight.adsrvr.org *.adroll.com *.adnxs.com *.yahoo.com *.facebook.com *.doubleclick.net *.bidswitch.net *.rlcdn.com *.twitter.com *.openx.net googleads.g.doubleclick.net *.googleadservices.com cdsusa.veinteractive.com shareasale.com www.emjcd.com *.westhost.com *.midphase.com privacy-policy.truste.com secure.etrust.org 55b558c7-resources.bk-partnersasia.com ib.adnxs.com *.visualwebsiteoptimizer.com www.google-analytics.com stats.g.doubleclick.net www.google.co.uk www.google.com https://script.hotjar.com http://script.hotjar.com https://www.googletagmanager.com;
style-src 'self' 'unsafe-inline' *.westhost.com *.google.com *.googleapis.com dwmvwp56lzq5t.cloudfront.net *.pingdom.net *.bootstrapcdn.com *.visualwebsiteoptimizer.com;
frame-src 'self' *.hcaptcha.com *.westhost.com cdn.forms-content.sg-form.com www.google.co.uk www.google.com plus.google.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com https://vars.hotjar.com widget.trustpilot.com https://www.googletagmanager.com;
connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com livechat.uk2group.com *.pingdom.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com dev.visualwebsiteoptimizer.com geo.yieldify.com *.westhost.com widget.trustpilot.com bat.bing.com https://facebook.com/tr/ https://www.google.com/ccm/ https://www.googletagmanager.com;
font-src data: 'self' http://script.hotjar.com https://script.hotjar.com *.westhost.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.visualwebsiteoptimizer.com stats.g.doubleclick.net;
default-src 'self' *.westhost.com;
object-src 'self' *.westhost.com *.visualwebsiteoptimizer.com;
child-src *.westhost.com *.uk2group.com *.hotjar.com *.twitter.com *.addtoany.com googleads.g.doubleclick.net platform.twitter.com apis.google.com www.facebook.com staticxx.facebook.com accounts.google.com afftrk.biz www.googleadservices.com tracking.opienetwork.com youtu.be www.youtube.com *.visualwebsiteoptimizer.com www.google.com;
media-src data: 'self' *.westhost.com;
frame-ancestors 'self';
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers

| Header | Category | Value |
| --- | --- | --- |
| Accept-Ranges | Performance | bytes |
| Connection | Performance | close |
| Vary | Performance | Accept-Encoding, Accept-Encoding |
Caching Headers
3 headers

| Header | Category | Value |
| --- | --- | --- |
| Age | Caching | 230932 |
| Cache-Control | Caching | s-maxage=31536000 |
| Etag | Caching | "16um4p0fmmh362r" |
Content Headers
2 headers

| Header | Category | Value |
| --- | --- | --- |
| Content-Length | Content | 148118 |
| Content-Type | Content | text/html; charset=utf-8 |
Server Headers
2 headers

| Header | Category | Value |
| --- | --- | --- |
| Server | Server | nginx |
| X-Powered-By | Server | Next.js |
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
7 headers

| Header | Category | Value |
| --- | --- | --- |
| Date | Other | Sat, 29 Nov 2025 06:08:51 GMT |
| Via | Other | 1.1 varnish, 1.1 varnish |
| X-Cache | Other | MISS, HIT |
| X-Cache-Hits | Other | 0, 0 |
| X-Nextjs-Cache | Other | HIT |
| X-Served-By | Other | cache-pdk-kpdk1780145-PDK, cache-pdk-kfty8610067-PDK |
| X-Timer | Other | S1764396532.874601,VS0,VE1 |
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology
Analysis completed in 530ms