uu.se | Analytics by SecurityHeaders

HTTP Headers report for uu.se

Header Name Header Data
HTTP status code 200
Content-Type text/html;charset=UTF-8
X-Cnection close
Pragma no-cache
Server baffin-bay-inlet
Cache-Control no-cache, no-store, must-revalidate
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rekai.se https://siteimproveanalytics.com/ https://ebbot-v2.storage.googleapis.com https://mfstatic.com blob: https://uu.sitevision-cloud.se blob: api.mazemap.com api.mapbox.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com https://static.uu.se/ https://cdn.jsdelivr.net *.readspeaker.com *.twitter.com *.ctnotes.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://mindthegeps.us6.list-manage.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://mfstatic.com api.mazemap.com d1bxh8uas1mnw7.cloudfront.net https://ebbot-v2.storage.googleapis.com https://static.uu.se/ *.readspeaker.com https://cdn-images.mailchimp.com/; font-src 'self' *.uu.se https://mfstatic.com https://resources.ebbot.ai https://sp.saml.v2.ebbot.app data: ; base-uri 'self'; manifest-src 'self'; form-action 'self' https://ui.ungpd.com/Api/Subscriptions/ *.readspeaker.com *.paypal.com; img-src 'self' https://*.googletagmanager.com data: *; frame-ancestors 'self' diskus.ub.uu.se; object-src 'self' blob: ; frame-src 'self' youtube.com www.youtube.com maps.google.se www.google.com https://community.instructuremedia.com uppsala.instructuremedia.com ullsalen.its.uu.se *.mediaflow.com uu.mediaflowportal.com urplay.se player.acast.com embed.acast.com open.spotify.com cloud.timeedit.net *.readspeaker.com datawrapper.dwcdn.net *.twitter.com https://media.medfarm.uu.se https://statsvet-kalendermodul.its.uu.se *.vimeo.com thingspeak.com thingspeak.mathworks.com https://www.googletagmanager.com https://www.snsn.se https://www2.snsn.se exhibitions.ub.uu.se; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.rekai.se youtube.com https://siteimproveanalytics.com/ https://*.mediaflow.com https://mfstatic.com tiles.mazemap.com api.mazemap.com events.mapbox.com api.mapbox.com https://ebbot-v2.storage.googleapis.com wss://v2.ebbot.app https://v2.ebbot.app https://sp.saml.v2.ebbot.app https://*.mediaflowpro.com *.readspeaker.com *.ctnotes.com https://vimeo.com https://mindthegeps.us6.list-manage.com https://*.googletagmanager.com cdn0-70012-liveedge0.dna.ip-only.net; child-src 'self' 'unsafe-inline' blob: api.mazemap.com api.mapbox.com link.mazemap.com use.mazemap.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com https://ebbot-v2.storage.googleapis.com; upgrade-insecure-requests; media-src 'self' blob: https://uu.sitevision-cloud.se https://*.mediaflow.com cdn0-70012-liveedge0.dna.ip-only.net *.inviewer.se;
Referrer-Policy strict-origin-when-cross-origin
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block
Date Sat, 19 Apr 2025 04:51:00 GMT
Set-Cookie JSESSIONID=50D90AD6DB602709155CEC9D62355DC8; Path=/; Secure; HttpOnly; SameSite=None
Strict-Transport-Security max-age=300; includeSubDomains; preload
X-Content-Type-Options nosniff
P3p CP="This is not a P3P policy!"
Expires Thu, 01 Jan 1970 00:00:00 GMT
Link </2.4c73ddc2178d03ec3374a31/1744786844089/sitevision-responsive-grids.css?gridConfigs=651.5d2bf5ad1791d0816f42521_FLUID_GRID&pushPull=false>; rel=preload; as=style
Vary accept-encoding
Connection keep-alive

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar