HTTP Headers Analysis for https://app.aesopcanada.com

Detected Technologies from Headers

See all in URL Inspect 3

ASP.NET

Imperva Active incidents

Microsoft IIS

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

private

cache-control: private

Content Headers

Content-Type

Content

text/html

content-type: text/html

Server Headers

Server

Microsoft-IIS/8.5

X-Powered-By

Server

ASP.NET

server: Microsoft-IIS/8.5
x-powered-by: ASP.NET

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=kUHMA8H4L2uYYOHevyUgLbb+4GgZ+yh3EiLWucHmJg1Waq9oD68RZXo65bq2ET6Y1qNA4jBwbnyCxAOdbvCL+QXOEn6coqmLqxQ/ZT6yRe9HQv8tJtFRi+B35sSY; Expires=Thu, 28 May 2026 10:46:50 GMT; Path=/
AWSALBCORS=kUHMA8H4L2uYYOHevyUgLbb+4GgZ+yh3EiLWucHmJg1Waq9oD68RZXo65bq2ET6Y1qNA4jBwbnyCxAOdbvCL+QXOEn6coqmLqxQ/ZT6yRe9HQv8tJtFRi+B35sSY; Expires=Thu, 28 May 2026 10:46:50 GMT; Path=/; SameSite=None; Secure
GUID=3B949F5E6D53F6D78889C8A0BC499445; path=/
ASPSESSIONIDCATBTBRT=JCFCEJEDENCAOJNJBHDIJPII; path=/
visid_incap_2441585=IIQ3/1F7R9KjJsidB6qySpriDmoAAAAAQUIPAAAAAAAh3DOP6ZgCJEKL0pJDnpJo; expires=Fri, 21 May 2027 06:34:39 GMT; HttpOnly; path=/; Domain=.aesopcanada.com
nlbi_2441585=Gi7jBm6AVHvzIeQvTzlcsQAAAADhCoVjqRC4/Ld5A4VG7DI/; HttpOnly; path=/; Domain=.aesopcanada.com
incap_ses_1709_2441585=hV00L0FtrhHq4gKoGZe3F5riDmoAAAAAGwM5V9Bh1g/DylepXUjsiw==; path=/; Domain=.aesopcanada.com

Other Headers

Date

Other

Thu, 21 May 2026 10:46:50 GMT

X-Cdn

Other

Imperva

X-Iinfo

Other

36-4121426-4121429 NNNN CT(1 2 0) RT(1779360410818 21) q(0 0 0 0) r(0 0) U24

date: Thu, 21 May 2026 10:46:50 GMT
x-cdn: Imperva
x-iinfo: 36-4121426-4121429 NNNN CT(1 2 0) RT(1779360410818 21) q(0 0 0 0) r(0 0) U24

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology