Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Good
default-src; connect-src; font-src; +10 more
default-src 'none'; connect-src 'self' https://app.kth.se https://analytics.sys.kth.se; font-src 'self' data: https://analytics.sys.kth.se; frame-src https://login.ug.kth.se; img-src 'self' data: https://login.ug.kth.se https://app.kth.se https://analytics.sys.kth.se; media-src 'self' data:; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: 'sha256-h/2sT1GsMN8T6cUkiL6SqdhEnInUJJUxUu3I0DxvEzM=' 'sha256-CSsDg7m1dtycijBsG+XZkDJwh2nQPmk01zm3nENG4+A=' 'sha256-GJz8wEEZkPAmzdVLNndeDp+eiT2ReKMVmwcuJCcdIKk=' 'sha256-RawAKNmFnTlGgmcujbGJJ6SjpNQFwfj5TpgcOhiX9uM=' https://app.kth.se 'sha256-DYrb+SZeYKAiJeTI8xqCayymeuMmVRt+aXq8Ynt+tic=' 'sha256-JwpZ6kdsO5haL5d8W2nR+BUUZTsrojOQyclMTSKFWcg=' https://analytics.sys.kth.se 'sha256-54DKUx7Qkmh+vrYvxTKwuQykpP2Bk5qIFupZfwPfOhw=' 'sha256-mOzgqClRg1EsG4sr3oh/t7NDDfZan3dn2zqg7fqUuwA='; style-src 'self' 'unsafe-inline' 'sha256-XlJJezpbGp47+q/c7l4TfyJhhN7yyxMHIemv9u58A1k=' 'sha256-znMrUDLaHkkjLUDjEYX0eXVQDfCAw9mmpQnqFSL3epY=' 'sha256-7XSx59Bg95A9X5QOWsKDEKO5XuT/PAXcqtmz7GUPVkA=' 'sha256-jL/eOOYgnozMrF5THLfXVfemTAQDrWMpnC2H+4NDIAA=' 'sha256-zxOUcEMjWCO36SfpwF2Tlpk9aYHycnyHSYG7unso1Vk=' 'sha256-GXGKPVBqgmz+7KIoHziIsUyoHjU8dEKl9E1pUnZLHJw=' 'sha256-G1e3GasPFUwqb22BZZoi8rlReu+VYa1aafJwnMiYwqw=' https://app.kth.se 'sha256-PUAqwV974ukNOKvPhtR53qaw+kHXMRbRunbnRPn/qZw=' 'sha256-sLwRROr/mbJokfO2pgYvaHCRVypGNkp3cWkm6VDHe4M=' 'sha256-JhvecqQKT3DpqzO8Z/TSPL5m/RjHBUqSA5GrLOgkKQM=' 'sha256-B9JYPbOZiGon6F8qjY4D/t6EYpFUGegJtB/4ZG54Mkk=' 'sha256-nKMG0xoPrnGiy5m5jSXLEZ1H8l/plcS7n/VihDzEDb8=' 'sha256-9NuL/7o3CJh/VjvscXRHe5Gye7Dp243L5ZU1YhKlRzA=' 'sha256-CMPKSF6K94P9vb+HLmQkZwzY013xbE8ICjMIxlyttPI=' 'sha256-DbCt+LdbbPcXVx80h4hbApSegrnmmeMVBaf9khpzNQw=' 'sha256-PdP32wH4MC8RA1B3jG7o/ZYJvkxjsKPev244erw3lLc=' 'sha256-rqvf2+7jhLL4khGgv1k0uVutqW44F1tuci377dvwlqY=' 'sha256-l49i2cMFpHzPCVISaaLEIfqywoGTLCCOlTAt7aX3snA=' 'sha256-IndbmT3F0m2UpXMam1mKB0eTi5jiTZYEnfVHe6Bz2H4='; form-action 'self' https://login.ug.kth.se; frame-ancestors 'self'; base-uri 'none'; report-uri /api/csp-report; report-to csp-violation
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Access-Control-Request-Headers
Caching Headers
3 headers
Cache-Control
Caching
max-age=120,public
Etag
Caching
"609fbc800792c6541ac9841d307c3865"
Expires
Caching
Thu, 01 Jan 1970 00:00:01 GMT
Content Headers
2 headers
Content-Language
Content
sv-SE
Content-Type
Content
text/html;charset=UTF-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
4 headers
Cheac-Control
Other
public, max-age=120
Date
Other
Thu, 15 Jan 2026 23:24:50 GMT
Reporting-Endpoints
Other
default="https://www.kth.se/api/browser-report/default", csp-violation="https://www.kth.se/api/browser-report/csp-violation"
Via
Other
HTTP/1.1 PageCache
Recommendations
Enable compression (gzip/brotli) to improve performance