HTTP Headers Analysis for https://cx.pwc.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), geolocation=(), microphone=()

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store, max-age=0, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Length

Content

0

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

XM-CLIENT-LOCATION=fra1;path=/;SameSite=Lax;secure;httponly

Other Headers

8 headers

Content-Security-Policy-Report-Only

Other

frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report

Date

Other

Thu, 15 Jan 2026 01:32:02 GMT

Dc

Other

eu2

Host

Other

16

Location

Other

https://pwccx.qualtrics.com/login

X-Brand-Id

Other

pwccx

X-Request-Id

Other

afe6948e-d44a-46c2-a261-6e7f9b08e141

X-Transaction-Id

Other

3d65ae68-5308-4833-a26f-cdd2aeb1f738

Recommendations

Enable compression (gzip/brotli) to improve performance