HTTP Headers Analysis for https://stepup.se.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Weak

base-uri; object-src; frame-src; +1 more

base-uri 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self' http://p72serv.eud.schneider-electric.com:8001 https://5114077.app.netsuite.com https://MAE-MCN.schneider-electric.com https://MAE-OSMUCN.schneider-electric.com https://acuitycloud.ai https://alteryx1.se.com https://alteryx2.se.com https://alteryx3.se.com https://alteryx4.se.com https://alteryx5.se.com https://alteryx6.se.com https://alteryxio1.schneider-electric.com https://analytics-apps.se.com https://andjjqgxg.accounts.ondemand.com https://app.bcinthecloud.com https://app.rebenefit.bg https://authenticator.monigle.net https://brand.se.com https://chinabfo2.schneider-electric.cn https://ebgorg.my.salesforce.com https://ekp.schneider-electric.cn https://esightcn.schneider-electric.com https://eu.knowbe4.com https://granier.eur.gad.schneider-electric.com https://eole-prod-web.schneider-electric.com https://idcs-000a252964c640c484351d4666349c17.identity.oraclecloud.com https://iwork.cn.schneider-electric.com https://lims.se.com https://preprod.lims.se.com https://login.teamviewer.com https://master.d1txxtzp6q6is3.amplifyapp.com https://mom.se.com https://mom.qa.se.com https://nprform.schneider-electric.com https://pads.schneider-electric.com https://paip.se.com https://paipdev.se.com https://peoplereporting.se.com https://peoplereportingdev.se.com https://peoplereportingpreprd.se.com https://peoplereportingtst.se.com https://pms-bangalore.ssc.se.com https://polygon.se.com https://portail.e-facture.net https://portal.runmyfinance.cloud https://sao.se.com:8443 https://sapsls.se.com:44300 https://schneider-electric.hermes.bg https://schneider-electric.showpad.biz https://schneiderelectricsa.ethicspoint.eu https://sco-sso.se.com https://se--superapp24.sandbox.lightning.force.com https://se.horizon.lextegrity.com https://se.lightning.force.com https://se.reverselogix.io https://space.sprinklr.com https://tableau.schneider-electric.com https://tableaueur.schneider-electric.com https://tableauprismeur.schneider-electric.com https://timeoff.guru https://tipi.schneider-electric.com https://waltserprd17483.gad.schneider-electric.com https://wfsiaprd12196.gad.schneider-electric.com https://wifiguest.schneider-electric.com:8500 https://wlimsa1prd18921.gad.schneider-electric.com https://wlimsa2prd18924.gad.schneider-electric.com https://wmsiappr23057.gad.schneider-electric.com https://www.infomart.co.jp https://www.rsmeansonline.com https://ebgorg.lightning.force.com https://tct.se.com:8080 https://schneiderelectric.sharepoint.com https://developer-ppr.api.se.com https://developer-ppr-new.api.se.com https://developer-qa.api.se.com https://developer-qa-new.api.se.com https://developer.api.se.com https://developer-new.api.se.com https://seinteldev.se.com https://seinteldev1.se.com https://seinteldev2.se.com https://seinteldev3.se.com https://seinteldev4.se.com https://seinteltest.se.com https://seintelqa.se.com https://seintelqa1.se.com https://seintelqa2.se.com https://seintelppr.se.com https://seintelppr1.se.com https://seintelppr2.se.com https://seintelpf.se.com https://seintel.se.com https://my407303.s4hana.cloud.sap https://iwork.cn.schneider-electric.com https://chinabfo2.schneider-electric.cn https://gsc-analytics-customapps.se.com https://gsc-analytics-apps.se.com ;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

no-cache, no-store

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

7886

Content-Type

Content

text/html;charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

PF=Hct99xBavUeDsLk1N3e5jG; Path=/; Secure; HttpOnly; SameSite=None

Other Headers

2 headers

Date

Other

Sun, 25 Jan 2026 00:46:39 GMT

X-Aka-Detected-Continent

Other

NA

Recommendations

Enable compression (gzip/brotli) to improve performance