Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
default-src 'self' *.se.com *.schneider-electric.com *.google-analytics.com *.googleapis.com *.gstatic.com *.force.com *.salesforce.com tools.se.app *.se.app ezlist-qa.com *.schneider-electric.us *.se-apps.net https://ssl.gstatic.com *.cookielaw.org https://cdn.cookielaw.org https://www.se.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' *.se.com *.schneider-electric.com *.google-analytics.com *.googleapis.com *.salesforceliveagent.com cdn.jsdelivr.net jsdelivr.net *.se *.cookielaw.org https://cdn.cookielaw.org data:; script-src 'self' 'unsafe-inline' https://ssl.gstatic.com https://www.google-analytics.com *.salesforceliveagent.com *.cookielaw.org https://cdn.cookielaw.org; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com https://ssl.gstatic.com https://www.google-analytics.com https://*.jquery.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.se.com https://*.schneider-electric.com https://*.se-apps.net https://s3.us-east-2.amazonaws.com/xref-partnumbers https://cdn.jsdelivr.net/gh/umidbekk/react-flag-kit@1/assets/BR.svg https://www.se.com https://*.amazonaws.com https://*.salesforceliveagent.com *.force.com *.salesforce.com *.cookielaw.org https://cdn.cookielaw.org; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; connect-src *; font-src 'self' * data: *.se.com *.schneider-electric.com *.gstatic.com https://www.se.com; form-action *; frame-src 'self' *.se.app *.se.com *.schneider-electric.com; frame-ancestors *;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
public, max-age=36000
Etag
Caching
"319f33aa5113b3d4b2517f576a2a9aaf"
Last-Modified
Caching
Wed, 17 Jan 2024 11:44:18 GMT
Content Headers
2 headers
Content-Length
Content
19727
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
5 headers
Date
Other
Mon, 19 Jan 2026 21:46:41 GMT
X-Amz-Cf-Id
Other
GkSgfbN4HPJt_b3yIUTogQlNlG9LJ9agowIbPvUbp8C7ykypcRFySw==
X-Amz-Cf-Pop
Other
IAD12-P4
X-Amz-Server-Side-Encryption
Other
AES256
X-Amz-Version-Id
Other
QJpnZ7WaZZ17HA3mpr8sULTWmFJ0K_o6
Recommendations
Enable compression (gzip/brotli) to improve performance