HTTP Headers Analysis for https://thesuite.pwc.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

frame-ancestors; default-src; style-src; +5 more

frame-ancestors knowledgenavigator.pwc.co.uk knowledgenavigator.pwc.com knowledgenavigator-backoffice.pwc.co.uk knowledgenavigator-backoffice.pwc.com workbench-eu.pwc.com login.pwc.com; default-src 'self' login.pwc.com knowledgenavigator.pwc.co.uk knowledgenavigator.pwc.com knowledgenavigator-backoffice.pwc.co.uk knowledgenavigator-backoffice.pwc.com *.knowledgenavigator.pwc.co.uk *.knowledgenavigator.pwc.com *.knowledgenavigator-backoffice.pwc.co.uk *.knowledgenavigator-backoffice.pwc.com *.pwc.co.uk *.pwc.com https://stats.g.doubleclick.net https://www.google-analytics.com cdn.plyr.io https://dc.services.visualstudio.com/v2/track *.twitter.com; style-src 'self' 'unsafe-inline' pwcappkit-static.azureedge.net cdnqwe.azurewebsites.net knowledgenavigator.pwc.co.uk knowledgenavigator.pwc.com knowledgenavigator-backoffice.pwc.co.uk knowledgenavigator-backoffice.pwc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com pwcappkit-static.azureedge.net https://cdnjs.cloudflare.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://www.googletagmanager.com https://www.google-analytics.com platform.twitter.com cdn.plyr.io https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.min.js https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js https://js.cdn.applicationinsights.io/scripts/b/ai.3.gbl.min.js https://js.cdn.monitor.azure.com/scripts/b/ai.3.gbl.min.js https://js0.cdn.applicationinsights.io/scripts/b/ai.3.gbl.min.js https://js0.cdn.monitor.azure.com/scripts/b/ai.3.gbl.min.js https://js2.cdn.applicationinsights.io/scripts/b/ai.3.gbl.min.js https://js2.cdn.monitor.azure.com/scripts/b/ai.3.gbl.min.js https://az416426.vo.msecnd.net/scripts/b/ai.3.gbl.min.js; frame-src 'self' https://pwc.mediaspace.kaltura.com https://*.pwc.com https://*.pwcinternal.com https://platform.twitter.com https://accounts.google.com https://docs.google.com https://workbench-eu.pwc.com https://www.youtube.com; img-src 'self' knowledgenavigator.pwc.co.uk knowledgenavigator.pwc.com knowledgenavigator-backoffice.pwc.co.uk knowledgenavigator-backoffice.pwc.com https://www.google.com https://www.google.ie https://www.google.co.uk https://umbraco.tv pwcappkit-static.azureedge.net data; connect-src 'self' ulzipqjgadfa0001.azurewebsites.net login.pwc.com https://www.trade-tariff.service.gov.uk https://ec.europa.eu/taxation_customs/vies/rest-api/check-vat-number https://ec.europa.eu/taxation_customs/vies/rest-api/check-vat-test-service https://ec.europa.eu/taxation_customs/vies/rest-api/check-status https://api.service.hmrc.gov.uk/oauth/token https://api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup/ https://js.monitor.azure.com/scripts/b/ext/ai.clck.2.min.js https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json https://uksouth-1.in.applicationinsights.azure.com/v2/track; font-src 'self' cdnqwe.azurewebsites.net cdn.rawgit.com pwcappkit-static.azureedge.net cdn.jsdelivr.net;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Cache-Control

Caching

no-store

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Microsoft-IIS/10.0

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_1252_3086156=DFPMHbLjbA63ULAndf9fETJYQmkAAAAAL4Bye0gARlPjk1PayBcpWA==; path=/; Secure; SameSite=None

Other Headers

4 headers

Date

Other

Wed, 17 Dec 2025 07:13:54 GMT

Request-Context

Other

appId=cid-v1:272384d3-4a55-4f0d-8b0a-63fbccb1dbc6

X-Cdn

Other

Imperva

X-Iinfo

Other

11-18670575-18670577 NNNN CT(91 157 0) RT(1765955634372 14) q(0 0 2 1) r(3 4) U12

Recommendations

Enable compression (gzip/brotli) to improve performance