Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Strong
script-src; style-src; img-src; +6 more
script-src 'self' 'nonce-2120e0fcd8c90dbd565a8418c6719c84' *.pwcinternal.com *.pwc.com cdn.cookielaw.org pwcappkit-static.azureedge.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5643100635922432.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5643100635922432.storage.googleapis.com app.powerbi.com; style-src 'self' 'nonce-2120e0fcd8c90dbd565a8418c6719c84' *.pwcinternal.com *.pwc.com cdn.cookielaw.org pwcappkit-static.azureedge.net app.pendo.io cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5643100635922432.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5643100635922432.storage.googleapis.com app.powerbi.com; img-src 'self' data: blob: pwcappkit-static.azureedge.net cdn.pendo.io app.pendo.io pendo-static-5643100635922432.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-5643100635922432.storage.googleapis.com data.eu.pendo.io cdn.cookielaw.org *.pwcinternal.com *.pwc.com *.cdn.office.net; font-src 'self' data: pwcappkit-static.azureedge.net *.pwcinternal.com *.pwc.com; default-src 'self'; connect-src 'self' wss: *.pwcinternal.com *.pwc.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com app.pendo.io data.pendo.io pendo-static-5643100635922432.storage.googleapis.com app.eu.pendo.io data.eu.pendo.io pendo-eu-static-5643100635922432.storage.googleapis.com app.powerbi.com; frame-src 'self' app.pendo.io app.eu.pendo.io app.powerbi.com *.officeapps.live.com; worker-src 'self' blob:; media-src 'self' blob:
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
no-store
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
istio-envoy
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*.pwcinternal.com
Cookies Headers
1 headers
Set-Cookie
Cookies
incap_ses_1843_3254180=7DzrEYZ1Hl8ttypt0aaTGXxhTWkAAAAAyados+oLNqvJc8uchTGqqw==; path=/; Secure; SameSite=None
Other Headers
4 headers
Date
Other
Thu, 25 Dec 2025 16:08:29 GMT
X-Cdn
Other
Imperva
X-Envoy-Upstream-Service-Time
Other
0
X-Iinfo
Other
57-163442472-163442474 NNNN CT(10 5 0) RT(1766678908973 6) q(0 0 0 1) r(0 0) U12
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 79ms