


Security Report Summary

Risk Level: Medium
Site: https://thelavishgoat.com/
IP Address: 23.227.38.71
Headers Information: PERMISSIONS-POLICY, REFERRER-POLICY, STRICT-TRANSPORT-SECURITY, X-FRAME-OPTIONS, CONTENT-SECURITY-POLICY, X-CONTENT-TYPE-OPTIONS, X-XSS-PROTECTION, X-PERMITTED-CROSS-DOMAIN-POLICIES
Date/Time: March 11, 2025, 12:53 p.m.

Missing Security Headers

PERMISSIONS-POLICY
Restricts feature access.
REFERRER-POLICY
Controls Referer header.

Available Security Headers

STRICT-TRANSPORT-SECURITY
Ensures HTTPS-only access.
X-FRAME-OPTIONS
Prevents clickjacking.
CONTENT-SECURITY-POLICY
Protects from XSS.
X-CONTENT-TYPE-OPTIONS
Prevents MIME-type sniffing.
X-XSS-PROTECTION
Blocks XSS attacks.
X-PERMITTED-CROSS-DOMAIN-POLICIES
Manages cross-domain requests.

Raw Headers

Date
Tue, 11 Mar 2025 07:23:42 GMT
Content-Type
text/html; charset=utf-8
Connection
keep-alive
x-sorting-hat-podid
193
x-sorting-hat-shopid
5173313570
x-storefront-renderer-rendered
1
etag
W/"cacheable:529bdbb2519519fe53d27e3cdc200608"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
set-cookie
secure_customer_sig=; path=/; expires=Wed, 11 Mar 2026 07:23:42 GMT; secure; HttpOnly; SameSite=Lax, localization=US; path=/; expires=Wed, 11 Mar 2026 07:23:42 GMT, cart_currency=USD; path=/; expires=Tue, 25 Mar 2025 07:23:42 GMT, _shopify_y=35E321D5-aeb3-423A-83c0-85a4d0d4e43f; domain=thelavishgoat.com; path=/; expires=Wed, 11 Mar 2026 13:23:42 GMT; SameSite=Lax, _shopify_s=2EADA842-f897-4705-bc6d-a041019958a3; domain=thelavishgoat.com; path=/; expires=Tue, 11 Mar 2025 07:53:42 GMT; SameSite=Lax, _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22INMH%22%2C%22reg%22%3A%22%22%2C%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%2C%22consent_id%22%3A%2247854076-6ddb-4434-8e17-846a4d28a74a%22%7D; domain=thelavishgoat.com; path=/; expires=Wed, 11 Mar 2026 07:23:42 GMT; SameSite=Lax, _orig_referrer=; domain=thelavishgoat.com; path=/; expires=Tue, 25 Mar 2025 07:23:42 GMT; HttpOnly; SameSite=Lax, _landing_page=%2F; domain=thelavishgoat.com; path=/; expires=Tue, 25 Mar 2025 07:23:42 GMT; HttpOnly; SameSite=Lax
x-cache
hit, server
x-frame-options
DENY
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
strict-transport-security
max-age=7889238
x-shopid
5173313570
x-shardid
193
vary
Accept
content-language
en-US
powered-by
Shopify
server-timing
processing;dur=13, db;dur=4, db_async;dur=1.692, asn;desc="47583", edge;desc="BOM", country;desc="IN", theme;desc="136150646978", pageType;desc="index", servedBy;desc="5bpv", requestID;desc="b0d7d797-cc31-4cd0-a824-c23c2a4b00fd-1741677822", cfRequestDuration;dur=104.000092, ipv6
x-dc
gcp-asia-southeast1,gcp-asia-southeast1,gcp-asia-southeast1
x-request-id
b0d7d797-cc31-4cd0-a824-c23c2a4b00fd-1741677822
Alt-Svc
h3=":443"; ma=86400
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3%2BisOvGK7b72YI2U8rRUrmFQdcrOgbeBTak5TOefrpVC9x1hWqUejuRIEyXmHGCvT6y7av7hd%2FO8xaPkgQYEXXJdiPmqLnUXSXDa0nrbz%2Fswoplw6q1pcwPunHuO4h2%2BX2zytrD6wuVrWt8aQLi"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Download-Options
noopen
Server
cloudflare
CF-RAY
91e94ed6bb8c41b6-BOM
Content-Encoding
gzip
