Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31557600; includeSubDomains
Content-Security-Policy
Good
default-src; script-src; style-src; +12 more
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.datadoghq-browser-agent.com https://optimise.aws.fortum.com https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://c.bing.com https://try.abtasty.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optanon.blob.core.windows.net https://ajax.googleapis.com https://*.onetrust.com https://connect.facebook.net https://gtm.fortum.com https://valuesportal.com https://cdn.adt389.net https://gtm.adt313.net https://ion.fortum.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://*.boost.ai https://siteimproveanalytics.com https://*.hs-banner.com https://track.hubspot.com https://*.hsleadflows.net https://js.hubspot.com https://*.hsforms.net https://*.hsforms.com https://*.hs-analytics.net https://*.hs-scripts.com https://tagmanager.google.com https://*.hsadspixel.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hubspot.net https://static.hsappstatic.net https://*.usemessages.com https://*.hscollectedforms.net https://feedback.hubapi.com https://*.hubspotfeedback.com https://feedback-eu1.hubapi.com https://qa-assistant.abtasty.com https://*.adform.net https://snap.licdn.com https://survey.fortum.com https://acdn.adnxs.com https://static.ads-twitter.com https://sc-static.net https://tr.snapchat.com https://tr6.snapchat.com https://*.readpeak.com https://www.aservice.cloud https://analytics.tiktok.com https://*.tiktok.com; style-src 'self' 'unsafe-inline' https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://try.abtasty.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn2.hubspot.net https://www.gstatic.com 
https://*.boost.ai https://survey.fortum.com; img-src 'self' blob: data: https://*.fortum.com https://cdn.valuesportal.com https://log.adtraction.fail https://*.g.doubleclick.net https://ad.doubleclick.net https://*.analytics.google.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://bat.bing.net https://*.google-analytics.com https://*.googletagmanager.com https://gtm.fortum.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://*.clarity.ms https://optanon.blob.core.windows.net https://www.facebook.com https://editor-assets.abtasty.com https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://images.ctfassets.net https://*.siteimproveanalytics.io https://c.bing.com https://track.hubspot.com https://*.hsforms.net https://*.hsforms.com https://ssl.gstatic.com https://www.gstatic.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspot.net https://cdn2.hubspot.net https://*.fls.doubleclick.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.adform.net https://survey.fortum.com https://ib.adnxs.com https://analytics.twitter.com https://t.co https://fortum.heydaypro.com https://pbs.twimg.com https://fonts.gstatic.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.tiktok.com https://app.readpeak.com https://server.seadform.net https://px.ads.linkedin.com https://*.google.com https://*.google.fi https://*.google.no https://*.google.se https://*.google.pl https://*.google.es https://*.google.com.ua https://*.google.nl https://*.google.de https://*.google.fr; media-src 'self' https://videos.ctfassets.net https://www.fortum.com; frame-src https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.vimeo.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu 
https://se.fortum-test.wdr.io https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://datastudio.google.com https://lookerstudio.google.com https://cdn.cookielaw.org https://*.fortum.se https://*.fortum.fi https://pages.upsales.com https://www.fortum.com https://qa.fortum-cms-se.dev.wdr.io https://*.fortum-se.dev.wdr.io https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://*.hubspot.net https://*.hs-sites.com https://*.hs-sites-eu1.com https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.adform.net https://www.facebook.com https://gtm.fortum.com https://survey.fortum.com https://secredirect.wheelq.com https://surveys.wheelq.com https://tr.snapchat.com https://tr6.snapchat.com https://o.clarity.ms https://bat.bing.com; font-src 'self' https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://fonts.gstatic.com https://survey.fortum.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self' https://*.wdr.io https://dev.fortum.com https://staging.fortum.com https://*.hsforms.com https://*.hsforms.net https://www.facebook.com https://o.clarity.ms https://px.ads.linkedin.com https://*.boost.ai; frame-ancestors https://app.contentful.com https://*.fortum.se https://*.fortum.fi https://*.fortum.com; connect-src 'self' https://*.fortum.com https://*.fortum.se https://*.fortum.fi https://bat.bing.com https://bat.bing.net https://ion.fortum.no https://api.adtraction.net https://ion.fortum.com https://log.adtraction.fail https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.abtasty.com https://gtm.fortum.com https://apps.apple.com https://play.google.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://browser-intake-datadoghq.eu https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com 
https://*.clarity.ms https://*.mittfortum.com https://*.mittfortum.se https://*.contentful.com https://*.onetrust.com https://www.datadoghq-browser-agent.com https://browser-intake-datadoghq.eu https://adservice.google.com https://*.hs-banner.com https://*.hsforms.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hscollectedforms.net https://www.google.com https://px.ads.linkedin.com https://survey.fortum.com https://ib.adnxs.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.readpeak.com https://www.aservice.cloud https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.boost.ai https://tr.snapchat.com https://tr6.snapchat.com https://www.facebook.com https://analytics.tiktok.com https://*.tiktokw.us https://*.google.com https://*.google.fi https://*.google.no https://*.google.se https://*.google.pl https://*.google.es https://*.google.com.ua https://*.google.nl https://*.google.de https://*.google.fr; worker-src 'self' blob: data:; upgrade-insecure-requests; report-to browser-intake-datadoghq
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
s-maxage=300, stale-while-revalidate=3300
Etag
Caching
"z8dx1cbjcffgt2"
Content Headers
2 headers
Content-Length
Content
725312
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
NEXT_LOCALE=sv; Path=/se/el; SameSite=lax
Other Headers
14 headers
Date
Other
Fri, 26 Dec 2025 03:31:20 GMT
Report-To
Other
{"group":"browser-intake-datadoghq","max_age":10886400,"endpoints":[{"url":"https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub9d4e5df6b7be8dcf829454216abe3f47&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aglobal-web%2Cenv%3Aprd"}]}
Request-Context
Other
appId=cid-v1:
Via
Other
1.1 varnish, 1.1 varnish, 1.1 varnish
X-Cache
Other
MISS, MISS, MISS
X-Cache-Hits
Other
0, 0, 0
X-Dns-Prefetch-Control
Other
on
X-Middleware-Rewrite
Other
/se/el/sv
X-Nextjs-Cache
Other
HIT
X-Nextjs-Prerender
Other
1
X-Nextjs-Stale-Time
Other
3600
X-Served-By
Other
cache-iad-kiad7000135-IAD, cache-iad-kcgs7200117-IAD, cache-iad-kcgs7200123-IAD
X-Timer
Other
S1766719880.815677,VS0,VE407
X-Vcl-Version-Ogw
Other
133
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology
Analysis completed in 1261ms