Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=18144000; includeSubDomains
Content-Security-Policy
Basic
default-src; style-src; font-src; +4 more
default-src 'self'; style-src 'self' 'unsafe-inline' https://cisback.aznresearch.com https://azncis.aznresearch.com https://azncis.azurewebsites.net https://secure.ecobank.com https://aznresearch.com https://use.fontawesome.com *.googleapis.com *.cloudflare.com; font-src 'self' https://cdnjs.cloudflare.com https://aznresearch.com https://use.fontawesome.com *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://cisback.aznresearch.com https://azncis.aznresearch.com https://azncis.azurewebsites.net https://secure.ecobank.com https://aznresearch.com https://az416426.vo.msecnd.net https://stats.g.doubleclick.net *.google-analytics.com *.googleapis.com *.gstatic.com *.cloudflare.com http://*.matchingnotes.com http://matchingnotes.com *.yandex.com *.yandex.ru *.facebook.net *.twitter.com; connect-src 'self' *.visualstudio.com *.google-analytics.com *.yandex.com *.yandex.ru https://stats.g.doubleclick.net https://cisback.aznresearch.com https://azncis.aznresearch.com https://azncis.azurewebsites.net https://secure.ecobank.com https://aznresearch.com https://az416426.vo.msecnd.net *.googleapis.com; img-src 'self' data: https://ecobankonlinetest.ecobank.com *.tile.osm.org https://www.google.ie https://stats.g.doubleclick.net https://secure.ecobank.com https://cisback.aznresearch.com https://azncis.aznresearch.com https://azncis.azurewebsites.net https://aznresearch.com *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.yandex.com *.yandex.ru *.facebook.com *.twitter.com *.openstreetmap.org data:; frame-src 'self' https://mc.yandex.com/ https://cisfront.aznresearch.com/ https://cis.aznresearch.com/ https://cisback.aznresearch.com https://codepen.io/ https://aznresearch.sharepoint.com/ https://aznresearch-my.sharepoint.com/ https://onedrive.live.com/ *.google.com *.youtube.com *.facebook.com *.twitter.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
0 headers
No performance headers found
Caching Headers
3 headers
Cache-Control
Caching
no-cache
Expires
Caching
-1
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
600282
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Powered-By
Server
ASP.NET
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
1 headers
Set-Cookie
Cookies
language=; path=/
Other Headers
2 headers
Date
Other
Mon, 17 Nov 2025 23:23:36 GMT
X-Permitted-Cross-Domain-Policies
Other
master-only
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 1163ms