HTTP Headers for stripe.com

Responds with HTTP 200 OK from nginx — 5 of 6 security headers present.

200 OK https://stripe.com/
Security Headers: 5/6
HSTS
CSP
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy (not present in the response)
All Response Headers (17)
connection: close
content-encoding: gzip
content-security-policy: base-uri 'none'; child-src 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://b.stripecdn.com https://js.stripe.com https://support-conversations.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com 'self'; manifest-src 'none'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; object-src 'none'; script-src https://b.stripecdn.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'sha256-tMuJ8c00j54yuxogrdIJeGhNVB350dc56i969XRz/Mc=' 'sha256-aEFSvCaVnb2wNwuO3IzA8J44RdTKt6vms9beA7BcCYg=' 'sha256-0SWEc2BfR2o77i2vUiNNIrFKQkjc2Ujsr2hlfZ6oUek=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; worker-src https://b.stripecdn.com 'self'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8%3D
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="wsp_coop"
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="wsp_coop"
date: Fri, 24 Apr 2026 10:10:51 GMT
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}, {"group":"wsp_coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report?s=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8="}],"include_subdomains":true}, {"group":"wsp_coep","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coep-report?s=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8="}],"include_subdomains":true}, {"group":"csp","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/csp-report-v2?q=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8%3D&t=1"}],"include_subdomains":true}
reporting-endpoints: coop="https://q.stripe.com/coop-report", wsp_coop="https://q.stripe.com/coop-report?s=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8=", wsp_coep="https://q.stripe.com/coep-report?s=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8=", csp="https://q.stripe.com/csp-report-v2?q=AR7pISu6fR5wYtrrvXU1OZeQ0AjQYumGvOpVfCEql79ztNR3EEO-QRIIcqcrVe8%3D&t=1"
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-stripe-proxy-response: upstream
x-stripe-server-rpc-duration-micros: 146396
x-wc3ff