Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000
Content-Security-Policy
Good
default-src; script-src; style-src; +5 more
default-src 'self' ; script-src 'self' 'unsafe-inline' https://static.nrk.no https://*.go-mpulse.net ; style-src 'self' 'unsafe-inline' https://static.nrk.no ; font-src 'self' https://static.nrk.no https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ; img-src 'self' data: https://qr.nrk.no https://static.nrk.no https://avatars.nrk.no https://gfx.nrk.no https://*.akstat.io https://direct.nrk.no ; connect-src 'self' https://o124059.ingest.us.sentry.io https://nrk-recommendations.appspot.com https://data.nrk.no https://api.pwnedpasswords.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net ; frame-src 'self' https://innlogging-cors-validator.nrksuper.no https://preprod-innlogging-cors-validator.nrksuper.no ; frame-ancestors 'self' ;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
Transfer-Encoding
Content-Encoding
Performance
gzip
Transfer-Encoding
Performance
chunked
Caching Headers
3 headers
Cache-Control
Caching
max-age=0, no-cache, no-store
Expires
Caching
Sun, 07 Dec 2025 03:36:47 GMT
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Encoding
Content
gzip
Content-Type
Content
text/html; charset=utf8;
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ncsrf=p50rY4yzlTnGSmzKFajLgFjZVAle_BM-qDFvut_VOBY; path=/; secure; samesite=lax; httponly
Other Headers
7 headers
Date
Other
Sun, 07 Dec 2025 03:36:47 GMT
Nrk-Colors
Other
{"bg":"#082b57","fg":"#ffffff","mode":"dark"}
Nrk-Correlationid
Other
24890d64-7a61-4415-896e-5492ba3b60a6
Request-Context
Other
appId=cid-v1:3990ef0b-ad6e-47fa-a235-6ff3b66621b7
Server-Timing
Other
ak_p; desc="1765078606691_399898343_2424012904_88682_15657_0_10_-";dur=1
X-Content-Security-Policy
Other
default-src 'self' ; script-src 'self' 'unsafe-inline' https://static.nrk.no https://*.go-mpulse.net ; style-src 'self' 'unsafe-inline' https://static.nrk.no ; font-src 'self' https://static.nrk.no https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ; img-src 'self' data: https://qr.nrk.no https://static.nrk.no https://avatars.nrk.no https://gfx.nrk.no https://*.akstat.io https://direct.nrk.no ; connect-src 'self' https://o124059.ingest.us.sentry.io https://nrk-recommendations.appspot.com https://data.nrk.no https://api.pwnedpasswords.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net ; frame-src 'self' https://innlogging-cors-validator.nrksuper.no https://preprod-innlogging-cors-validator.nrksuper.no ; frame-ancestors 'self' ;
X-Robots-Tag
Other
noindex
Recommendations
No recommendations at this time
Analysis completed in 1735ms