Open
Cached
·
just now
19
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000 ; includeSubDomains ; preload
Content-Security-Policy
Basic
frame-ancestors; script-src; object-src; +6 more
frame-ancestors 'self' *.tnb.com *.scene7.com *.tnb.ca *.tnb-canada.com *.tnbmobile.ca *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.youtube.com code.jquery.com *.google-analytics.com abb-publish.blaetterkatalog.de *.google.com *.google.nl *.google.be ; script-src 'self' 'strict-dynamic' 'nonce-YVc3Y3ktMnhkb0BKYlB0Y0l6Z1NYUUFBQXA4' 'unsafe-inline' 'unsafe-eval' code.jquery.com; object-src 'none'; upgrade-insecure-requests;, frame-ancestors 'self' *.tnb.com *.scene7.com *.tnb.ca *.tnb-canada.com *.tnbmobile.ca *.abb.com *.abb *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.youtube.com code.jquery.com *.google-analytics.com abb-publish.blaetterkatalog.de *.google.com *.google.nl *.google.be tnb.ca ; img-src 'self' data: https://cscript-cdn-irl-uat.cassiecloud.com *.youtube.com https://el-sales.ca.abb.com code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://login.microsoftonline.com/ *.abb.com *.abb https://s7d3.scene7.com/; object-src data: 'unsafe-eval'; upgrade-insecure-requests; frame-src 'self' https://ids-irl-uat.cms.abb/ https://ids-irl-uat.syrenis.com/ https://ids-irl-uat.syrenis.com/ https://ids-irl-uat.uat.cms.abb/ https://ids-irl-uat.brand.abb/ https://ids-irl-uat.global.abb/ https://ids-irl-uat.qa.cms.abb/ https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ youtube.com www.youtube.com https://www.youtube.com/ https://td.doubleclick.net/ https://el-sales.ca.abb.com/ tnb.ca;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
user-agent
Caching Headers
3 headers
Cache-Control
Caching
max-age=0, no-cache, no-store, must-revalidate
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
2300
Content-Type
Content
text/html; charset=UTF-8
Server Headers
0 headers
No server headers found
CORS Headers
3 headers
Access-Control-Allow-Headers
Cors
Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods
Cors
GET,HEAD,OPTIONS,POST,PUT
Access-Control-Allow-Origin
Cors
*
Cookies Headers
0 headers
No cookies headers found
Other Headers
2 headers
Alt-Svc
Other
h3=":443"; ma=93600
Date
Other
Tue, 20 Jan 2026 01:39:23 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance