Security Headers Checker
Scan HTTP security headers. Grades HSTS, CSP, X-Frame-Options and others, with explanations of what each header protects.
[ WARNING ]
Decent but improvable (57/100) — missing: Referrer-Policy, Permissions-Policy · weak: content-security-policy
── output ─────
security_score: 57
HTTP 200 · https://www.barclays.co.uk/
Strict-Transport-Security (HSTS)
[ STRONG ]
// Forces HTTPS for all connections. Prevents downgrade attacks.
max-age=63072000
Content-Security-Policy (CSP)
[ WEAK ]
// Defines which sources of scripts/styles/images are allowed. Prevents XSS.
default-src 'none';
base-uri 'self';
frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays;
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tags.tiqcdn.com https://collect.tealiumiq.com https://gateway.answerscloud.com https://s.go-mpulse.net https://www.media.barclays.co.uk https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://api.travelex.net https://resources.barclays.co.uk https://barclaysbankplc.tt.omtrdc.net https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://btttag.com https://*.btttag.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://v6-eu.api.decibel.com https://api.decibel.com https://d063-248-eu-frankfurt-1.api.decibel.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://snap.licdn.com https://analytics.tiktok.com https://connect.facebook.net https://www.recaptcha.net https://rum.hlx.page https://cdn-ukwest.onetrust.com blob:;
style-src 'self' 'unsafe-inline' https://www.media.barclays.co.uk https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn-ukwest.onetrust.com;
object-src 'self';
worker-src 'self' blob:;
child-src https://demo.barclays.co.uk https://edigitalsurvey.com https://www.google.com https://www.media.barclays.co.uk https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.recaptcha.net blob:;
frame-src 'self' https://demo.barclays.co.uk https://5452834.fls.doubleclick.net https://3460779.fls.doubleclick.net https://edigitalsurvey.com https://www.google.com https://www.media.barclays.co.uk https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://td.doubleclick.net https://www.recaptcha.net;
img-src 'self' data: https://demo.barclays.co.uk https://px4.ads.linkedin.com https://analytics.tiktok.com https://3460779.fls.doubleclick.net https://collect.tealiumiq.com https://cdnjs.cloudflare.com https://adservice.google.co.uk https://ad.doubleclick.net https://adservice.google.com https://googleads.g.doubleclick.net https://googleads4.g.doubleclick.net https://smetrics.barclays.co.uk https://www.facebook.com https://www.google.co.uk https://www.google.com https://maps.googleapis.com https://maps.google.com https://www.google.fr https://adservice.google.fr https://www.google.de https://www.google.es https://adservice.google.es https://www.google.nl https://www.google.se https://www.google.co.id https://www.google.co.il https://www.google.be https://www.google.sk https://www.google.co.nz https://www.google.co.za https://www.google.com.sg https://www.google.pt https://www.google.ca https://www.google.cz https://www.google.com.cy https://www.google.com.au https://adservice.google.com.au https://www.google.mk https://www.google.je https://adservice.google.je https://www.google.co.ug https://www.google.com.hk https://www.google.ro https://www.google.bg https://www.google.im https://www.google.co.ao https://www.google.ie https://adservice.google.ie https://www.google.com.ng https://www.google.it https://adservice.google.it https://www.google.lt https://www.google.ae https://www.google.gr https://www.google.com.mx https://www.google.hu https://www.google.ch https://www.google.ru https://www.google.com.eg https://www.google.com.pk https://www.google.com.bh https://www.google.pl https://adservice.google.pl https://www.google.co.in https://www.gstatic.com https://www.google-analytics.com https://www.google.lu https://www.google.co.jp https://www.google.com.tr https://adservice.google.co.il https://adservice.google.co.zw https://adservice.google.com.sa https://adservice.google.ae https://adservice.google.pt https://www.google.com.my https://adservice.google.nl https://www.google.gg https://adservice.google.be https://adservice.google.cz https://www.google.co.th https://adservice.google.de https://www.google.com.gh https://www.google.com.sa https://www.google.ge https://www.google.com.br https://www.google.com.tw https://www.google.dk https://www.google.com.ph https://adservice.google.co.za https://www.google.lv https://adservice.google.gg https://adservice.google.ca https://www.google.at https://www.google.rs https://www.google.com.mt https://adservice.google.com.hk https://www.google.no https://www.google.com.qa https://www.google.co.ke https://www.barclays.co.uk https://adservice.google.gr https://www.google.fi https://adservice.google.co.jp https://adservice.google.co.in https://www.google.com.vc https://www.google.lk https://adservice.google.ch https://www.google.com.ua https://www.google.az https://www.google.by https://www.google.com.kw https://adservice.google.com.sg https://adservice.google.im https://adservice.google.no https://www.google.co.zw https://www.google.mu https://www.google.com.vn https://adservice.google.com.br https://adservice.google.lv https://adservice.google.com.kw https://adservice.google.com.tr https://www.google.co.kr https://adservice.google.az https://adservice.google.hu https://adservice.google.co.th https://www.google.cm https://www.google.mw https://www.google.com.ar https://www.google.co.ma https://www.google.com.gi https://www.google.co.tz https://www.google.com.om https://www.google.com.af https://adservice.google.lt https://adservice.google.co.nz https://www.google.tt https://www.google.ms https://adservice.google.ro https://www.google.dz https://adservice.google.com.my https://www.google.com.pe https://www.google.com.jm https://www.google.com.sl https://adservice.google.com.cy https://adservice.google.se https://www.google.com.ec https://www.google.hr https://www.google.al https://adservice.google.ru https://www.google.co.mz https://adservice.google.com.ng https://www.google.com.et https://www.google.com.bn https://www.google.sh https://www.google.com.pa https://www.google.ci https://www.google.cl https://adservice.google.bg https://www.google.co.ve https://www.google.bs https://www.google.com.ag https://www.google.hn https://adservice.google.hn https://www.google.iq https://www.google.so https://www.google.com.np https://maps.gstatic.com https://www.media.barclays.co.uk https://5452834.fls.doubleclick.net https://dev.day.com https://pixel.quantserve.com https://bclays-ads.aimatch.com https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://pagead2.googlesyndication.com https://ade.googlesyndication.com https://px.ads.linkedin.com https://connect.facebook.net https://www.recaptcha.net https://sasaimatch.uk.barclays https://cdn-ukwest.onetrust.com;
connect-src 'self' https://formsdss-v3.uk.barclays https://bclays-ads.aimatch.com https://search.barclays.co.uk https://collect.tealiumiq.com https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://www.media.barclays.co.uk https://device.4seeresults.com https://dpm.demdex.net https://barclaysbankplc.tt.omtrdc.net https://smetrics.barclays.co.uk https://*.siteintercept.qualtrics.com https://maps.googleapis.com https://btttag.com https://*.btttag.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://v6-eu.api.decibel.com https://api.decibel.com https://d063-248-eu-frankfurt-1.api.decibel.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://px.ads.linkedin.com https://analytics.tiktok.com https://px4.ads.linkedin.com https://www.recaptcha.net https://sasaimatch.uk.barclays https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://barclays-bx-privacy.my.onetrust.com;
font-src 'self' data: https://fonts.gstatic.com https://www.media.barclays.co.uk;
manifest-src 'self';
media-src 'self' https://demo.barclays.co.uk https://www.media.barclays.co.uk;
X-Frame-Options
[ STRONG ]
// Prevents clickjacking by blocking iframe embedding from other origins.
SAMEORIGIN
X-Content-Type-Options
[ STRONG ]
// Prevents MIME sniffing. Should be 'nosniff'.
nosniff
Referrer-Policy
[ MISSING ]
// Controls how much referrer info is leaked when navigating away.
// missing — add this header to improve security
Permissions-Policy
[ MISSING ]
// Restricts which browser features (camera, mic, etc.) the page can use.
// missing — add this header to improve security