12 Headers
| HTTP Security Headers | Status | Value |
|---|---|---|
| Strict-Transport-Security | Good | max-age=31536000; includeSubDomains |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Missing | Not configured |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |

Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
1 header
Cache-Control
Caching
public,max-age=86400
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
incap_ses_1845_2991537=0GxaA+LJaSnDlfFXTMKaGYUGSWkAAAAAazhB8mlpB1LFC0G8VkGyTA==; path=/; Secure; SameSite=None
Other Headers
5 headers
Content-Security-Policy-Report-Only
Other
default-src 'self';script-src 'self' *.launchdarkly.com *.storage.googleapis.com *.youtube.com activityservice-sr-stg.service.signalr.net cdn.cookielaw.org cdn.jsdelivr.net cdnapisec.kaltura.com code.jquery.com dc.services.visualstudio.com feeds.feedburner.com login.microsoftonline.com rss.nytimes.com rum.browser-intake-us3-datadoghq.com txadjstmntsendpointnonprod.azureedge.net txadjstmntsendpointstg.azureedge.net taxplatformendpointstg.azureedge.net globaltaxworkspacestg.azureedge.net entityopsendpointdev.azureedge.net c4t-mfe-cdn-endpoint-stg.azureedge.net entityopsendpointstage.azureedge.net tax-analytics-and-diagnostics.powerappsportals.com apps.powerapps.com engagementplan-stg.azureedge.net *.pwcglb.com analyticseverywhere-dev.powerappsportals.com globalincentivessolutions-sightline-ui-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net globalincentivessolutions-sightline-httpapi-uat.pzi-gtus-n-ase-ttdshared-d001.appserviceenvironment.net default-edhfcjemg0hganct.a02.azurefd.net pwc-us-tax-stgdccmfe.azureedge.net sdemfeapi-stg.pzi-gtus-n-ase-ttdshared-d001.appserviceenvironment.net *.pwchalo.com pwc.sharepoint.com ustp-p-app-i46ie5n4-s000.pzi-gtus-p-ase-ttdshared-s005.appserviceenvironment.net c4t-mfe-cdn-endpoint-stg-web.azureedge.net taxhubwebuiv2-app-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net data.pendo.io cdn.pendo.io gosystemwebuistg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net *.pendo.io *.applicationinsights.azure.com storage.googleapis.com engagementplan-dev.azureedge.net engagementplan-qa.azureedge.net engagementplan-uat.azureedge.net engagementplan.azureedge.net dataappsendpointdev.azureedge.net dataappsendpointqa.azureedge.net dataappsendpointuat.azureedge.net dataappsendpointstg.azureedge.net dataappsendpointprod.azureedge.net taxplatformdashboarduat-ep.azureedge.net taxplatformendpointuat.azureedge.net *.msecnd.net *.google-analytics.com *.googletagmanager.com *.pwc.com *.pwcinternal.com 'unsafe-eval' 
'unsafe-inline';style-src 'self' taxplatformendpointstg.azureedge.net default-edhfcjemg0hganct.a02.azurefd.net pwc-appkit.azureedge.net *.storage.googleapis.com fonts.googleapis.com cdn.pendo.io *.pwc.com *.pwcinternal.com dataappsendpointdev.azureedge.net dataappsendpointqa.azureedge.net dataappsendpointuat.azureedge.net dataappsendpointstg.azureedge.net dataappsendpointprod.azureedge.net 'unsafe-inline';connect-src 'self' *.launchdarkly.com https://activityservice-sr-stg.service.signalr.net wss://activityservice-sr-stg.service.signalr.net api.feedback.us.pendo.io cdn.cookielaw.org dc.services.visualstudio.com geolocation.onetrust.com login.microsoftonline.com privacyportal-eu.onetrust.com browser-intake-us3-datadoghq.com engagementplan-dev.azureedge.net graph.microsoft.com default-edhfcjemg0hganct.a02.azurefd.net sdemfeapi-stg.pzi-gtus-n-ase-ttdshared-d001.appserviceenvironment.net *.pwchalo.com wss://*.pwchalo.com sl-aisvc-webapp-stg.pwcinternal.com mfttotaxdocs-stg.pzi-gtus-p-ase-ttdshared-s006.appserviceenvironment.net https://data.pendo.io https://pwc.sharepoint.com data js.monitor.azure.com engagementplan-stg.azureedge.net beaconservice-sr-stg.service.signalr.net wss://beaconservice-sr-stg.service.signalr.net ustp-p-app-i46ie5n4-s000.pzi-gtus-p-ase-ttdshared-s005.appserviceenvironment.net ustaxplatform-sr-stg.service.signalr.net wss://ustaxplatform-sr-stg.service.signalr.net globalincentivessolutions-sightline-ui-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net sttzusstage002.blob.core.windows.net cmtsvc-web-stg.pwc.com pzigxnu2srbluzs001.blob.core.windows.net txadjstmntsendpointstg.azureedge.net taxhubwebapiv2-app-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net taxplatformendpointprod.azureedge.net c4t-mfe-cdn-endpoint-stg.azureedge.net blob app.pendo.io sdemfeapi-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net esignaturefunctions-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net 
ustp-p-sigr-yhzyxu7z-s000.service.signalr.net wss://ustp-p-sigr-yhzyxu7z-s000.service.signalr.net sttzusprod002.blob.core.windows.net gosystemapistg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net ustp-p-app-yhzyxu7z-s002.pzi-gtus-p-ase-ttdshared-s006.appserviceenvironment.net ustp-p-hxqnbynv-app-s000.azurewebsites.net *.pwc.com *.pwcinternal.com *.applicationinsights.azure.com taxplatformdashboarduat-ep.azureedge.net taxplatformendpointuat.azureedge.net dataappsendpointdev.azureedge.net dataappsendpointqa.azureedge.net dataappsendpointuat.azureedge.net dataappsendpointstg.azureedge.net dataappsendpointprod.azureedge.net;font-src 'self' *.youtube.com data: feeds.feedburner.com rss.nytimes.com txadjstmntsendpointnonprod.azureedge.net taxplatformendpointstg.azureedge.net default-edhfcjemg0hganct.a02.azurefd.net pwc-us-tax-stgdccmfe.azureedge.net fonts.gstatic.com dataappsendpointstg.azureedge.net pwc-appkit.azureedge.net fonts.googleapis.com ustp-p-app-i46ie5n4-s000.pzi-gtus-p-ase-ttdshared-s005.appserviceenvironment.net c4t-mfe-cdn-endpoint-stg-web.azureedge.net globalincentivessolutions-sightline-ui-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net taxhubwebuiv2-app-stg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net gosystemwebuistg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net *.pwc.com *.pwcinternal.com;img-src 'self' data: *.storage.googleapis.com *.youtube.com cdn.cookielaw.org cdnapisec.kaltura.com feeds.feedburner.com rss.nytimes.com txadjstmntsendpointnonprod.azureedge.net taxplatformendpointstg.azureedge.net default-edhfcjemg0hganct.a02.azurefd.net https://www.pwc.co.uk blob *.ytimg.com googletagmanager.com ustp-p-app-i46ie5n4-s000.pzi-gtus-p-ase-ttdshared-s005.appserviceenvironment.net data.pendo.io gosystemwebuistg.pzi-gtus-p-ase-ttdshared-s001.appserviceenvironment.net *.pendo.io *.pwc.com *.pwcinternal.com dataappsendpointdev.azureedge.net dataappsendpointqa.azureedge.net dataappsendpointuat.azureedge.net 
dataappsendpointstg.azureedge.net dataappsendpointprod.azureedge.net taxplatformdashboarduat-ep.azureedge.net taxplatformendpointuat.azureedge.net;media-src 'self' *.youtube.com feeds.feedburner.com rss.nytimes.com default-edhfcjemg0hganct.a02.azurefd.net *.pendo.io *.pwc.com *.pwcinternal.com dataappsendpointdev.azureedge.net dataappsendpointqa.azureedge.net dataappsendpointuat.azureedge.net dataappsendpointstg.azureedge.net dataappsendpointprod.azureedge.net;object-src 'self' *.youtube.com *.pwc.com *.pwcinternal.com;frame-ancestors 'self' login.microsoftonline.com *.pwc.com *.pwcinternal.com;frame-src 'self' login.microsoftonline.com login.windows.net apps.powerapps.com analyticseverywhere-dev.powerappsportals.com pwc.sharepoint.com engagementcalendar-uat.powerappsportals.com app.pendo.io engagementcalendar.powerappsportals.com *.pwc.com *.pwcinternal.com app.powerbi.com *.youtube.com *.youtu.be;worker-src 'self' blob *.pwc.com *.pwcinternal.com;report-uri /api/Csp/ReportViolation
Date
Other
Mon, 22 Dec 2025 08:51:17 GMT
Request-Context
Other
appId=cid-v1:d16afd90-c1a6-4167-90c9-ce967a720e07
X-Cdn
Other
Imperva
X-Iinfo
Other
55-90718714-90718718 NNNN CT(3 3 0) RT(1766393477739 22) q(0 0 0 0) r(0 0) U12
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 208ms