HTTP Headers Analysis for https://virtualspaces.pwc.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; object-src; style-src; +5 more

default-src 'self' data:; object-src https://sta02prodvworldprod07020.blob.core.windows.net https://sta03prodvworldprod07020.blob.core.windows.net; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdnjs.cloudflare.com; connect-src 'self' blob: https://*.virtualspaces.pwc.com https://*.ext.virtualworld.stg.codemelter.pwc.de https://sta02prodvworldprod07020.blob.core.windows.net https://sta03prodvworldprod07020.blob.core.windows.net wss://rehs.virtualspaces.pwc.com https://*.gstatic.com wss://*.twilio.com https://*.twilio.com https://*.sentry.io https://login.pwc.com https://*.akamaized.net https://*.daserste.de https://*.pwc.de https://*.pwc.com https://*.blob.core.windows.net https://*.google.com https://*.youtube.com https://*.vimeo.com https://*.windows.net https://*.twitch.tv https://*.pwcinternal.com https://*.pwc.to https://*.video-stream-hosting.de rtmp://*.kaltura.com rtmp://*.mediacdn.com https://storage.googleapis.com https://gitlab.com;; frame-src *.blob.core.windows.net *.ext.virtualworld.stg.codemelter.pwc.de app.mural.co/ www.youtube.com pwc.talentry.com/ app.sli.do/ miro.com/ *.google.com/ *.vimeo.com/ *.office.com *.pwc.to *.pwc.de streaming.pwc.de *.pwc.com *.pwcplus.de *.pwcinternal.com *.pwcglb.com *.asana.com https://padlet.com https://*.padlet.com *.spotify.com *.akamaized.net *.twitch.tv *.linkedin.com *.xing.com *.ondemand.com *.myshn.net *.workfront.com *.myworkday.com *.kaltura.com *.atlassian.com *.atlassian.net *.sharepoint.com teams.microsoft.com playground.metus.de/; img-src 'self' data: blob: https://sta02prodvworldprod07020.blob.core.windows.net https://sta03prodvworldprod07020.blob.core.windows.net https://cdn.jsdelivr.net/npm/; media-src 'self' data: blob: https://sta02prodvworldprod07020.blob.core.windows.net https://sta03prodvworldprod07020.blob.core.windows.net https://*.akamaized.net https://*.daserste.de https://*.pwc.de https://*.pwc.com https://*.blob.core.windows.net https://*.google.com https://*.youtube.com https://*.vimeo.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

Caching Headers

3 headers

Cache-Control

Caching

no-store, max-age=0

Etag

Caching

"i4wl0jbrzb14nd"

Pragma

Caching

no-cache

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Incognito

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

virtualspaces.pwc.com

Cookies Headers

1 headers

Set-Cookie

Cookies

incap_ses_1607_3041916=aLM8CisxVhIioO/zhTZNFtEfTmkAAAAAoVZo40vPTGZ8jPJRa5T6/A==; path=/; Domain=.pwc.com; Secure; SameSite=None

Other Headers

4 headers

Date

Other

Fri, 26 Dec 2025 05:40:33 GMT

X-Cdn

Other

Imperva

X-Iinfo

Other

22-4906861-4906863 NNNN CT(79 90 0) RT(1766727633414 8) q(0 0 2 4) r(3 3) U12

X-Release

Other

2.1.2

Recommendations

Enable compression (gzip/brotli) to improve performance