Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
default-src; connect-src; script-src; +10 more
default-src 'self'; connect-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io ws://*.entur.io ws://*.entur.org wss://*.entur.io wss://*.entur.org https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com wss://*.puzzel.com/ https://stats.g.doubleclick.net https://*.tiles.mapbox.com https://api.mapbox.com https://cgchat.callguide.telia.com https://europe-west1-ent-enturapp-dev.cloudfunctions.net https://europe-west1-ent-enturapp-tst.cloudfunctions.net https://europe-west1-ent-enturint-dev.cloudfunctions.net https://europe-west1-ent-enturbeta-prd.cloudfunctions.net https://europe-west1-entur-prod.cloudfunctions.net https://search-dot-entur-prod.appspot.com https://search-dot-ent-enturbeta-prd.appspot.com https://search-dot-ent-enturapp-tst.appspot.com https://search-dot-ent-enturapp-dev.appspot.com https://search-dot-ent-enturint-dev.appspot.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://o4508182734503936.ingest.de.sentry.io https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.net/ https://*.puzzel.com/ https://n8p3h7hj.api.sanity.io https://n8p3h7hj.apicdn.sanity.io https://europe-west1-entur-feedback-staging.cloudfunctions.net https://europe-west1-entur-feedback.cloudfunctions.net https://*.posthog.com https://*.usercentrics.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com https://apis.google.com https://ajax.googleapis.com https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com https://app-cdn.puzzel.com/ https://feedback.puzzel.com/ https://entur.humany.net https://*.posthog.com https://*.usercentrics.eu; img-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io https://firebasestorage.googleapis.com https://storage.googleapis.com https://events.mapbox.com https://www.google.no data: blob: https://events.mapbox.com https://www.google.com *.googleusercontent.com *.doubleclick.net https://humany.blob.core.windows.net https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://n8p3h7hj.api.sanity.io https://n8p3h7hj.apicdn.sanity.io https://cdn.sanity.io https://app-cdn.puzzel.com/ https://*.usercentrics.eu; style-src 'self' 'unsafe-inline' https://events.mapbox.com https://api.tiles.mapbox.com https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com https://app-static.eu.posthog.com https://*.puzzel.com/ https://*.usercentrics.eu; font-src 'self' https://ace-knowledge-cdn.teliacompany.net https://fonts.googleapis.com https://fonts.gstatic.com https://entur.humany.net https://*.puzzel.com/ https://*.usercentrics.eu; frame-ancestors *; frame-src 'self' https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com https://wds.callguide.telia.com/ https://traveller.entur.org https://traveller.dev.entur.org https://traveller.staging.entur.org https://traveller.beta.entur.org https://traveller.entur.no https://traveller.dev.entur.no https://traveller.staging.entur.no https://traveller.beta.entur.no https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com https://app-cdn.puzzel.com/ https://*.usercentrics.eu; object-src 'none'; child-src blob:; media-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/; report-to csp-endpoint; report-uri https://o4508182734503936.ingest.de.sentry.io/api/4508222815731792/security/?sentry_key=e7ee5aa5fa5767b7db150c1ae6e12a3c
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(self)
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
4 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
x-fh-requested-host, accept-encoding
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Etag
Caching
"b25a2f03dc5a0b8320a2fc449fc4f03475e4551297d7c175985097e97daa5079"
Last-Modified
Caching
Tue, 02 Dec 2025 09:55:46 GMT
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
7 headers
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Date
Other
Thu, 04 Dec 2025 02:29:38 GMT
Report-To
Other
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://o4508182734503936.ingest.de.sentry.io/api/4508222815731792/security/?sentry_key=e7ee5aa5fa5767b7db150c1ae6e12a3c" }] }
X-Cache
Other
MISS
X-Cache-Hits
Other
0
X-Served-By
Other
cache-iad-kcgs7200090-IAD
X-Timer
Other
S1764815378.489340,VS0,VE60
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 4241ms