HTTP Headers Analysis for https://cab.md

Detected Technologies from Headers

See all in URL Inspect 1

AzureFrontDoor

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000;

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

accelerometer=(), camera=(), magnetometer=(); +3 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

accept-ranges: bytes
connection: close

Caching Headers

Cache-Control

Caching

private

cache-control: private

Content Headers

Content-Length

Content

43145

Content-Type

Content

text/html; charset=utf-8

content-length: 43145
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

Request-Context, date, server, via, x-azure-ref, x-msedge-ref, x-request-id, request-id, x-correlation-id, x-cabmd-request-id, x-forwarded-for, alt-svc

access-control-allow-origin: *
access-control-expose-headers: Request-Context, date, server, via, x-azure-ref, x-msedge-ref, x-request-id, request-id, x-correlation-id, x-cabmd-request-id, x-forwarded-for, alt-svc

Cookies Headers

Set-Cookie

Cookies

set-cookie: __AntiXsrfToken=48544376d6f84a61bb37aebe790895de; path=/; HttpOnly
ARRAffinity=f2bea53e8ce2975eeb1a5cc5dd00341437a9f17cdab583b99781a21171d0d2d7;Path=/;HttpOnly;Secure;Domain=cabmd1.azurewebsites.net
ARRAffinitySameSite=f2bea53e8ce2975eeb1a5cc5dd00341437a9f17cdab583b99781a21171d0d2d7;Path=/;HttpOnly;SameSite=None;Secure;Domain=cabmd1.azurewebsites.net
ASLBSA=00032b04fa0b5f5abc6ed484856d3bcba6db53a2dc6ba91cad36e9a02bdc86052f15; Path=/; Secure; HttpOnly;
ASLBSACORS=00032b04fa0b5f5abc6ed484856d3bcba6db53a2dc6ba91cad36e9a02bdc86052f15; SameSite=none; Path=/; Secure; HttpOnly;

Other Headers

Date

Other

Wed, 06 May 2026 04:03:58 GMT

Nel

Other

Report-To Group default max-age: 52w

include subdomains

P3p

Other

policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Report-To

Other

Group default max-age: 52w

Endpoint 1 https://cabmd.report-uri.com/a/d/g

Request-Context

Other

appId=cid-v1:58fd84ac-508a-4c38-8f96-d020e1d965cf

X-Azure-Ref

Other

20260506T040358Z-r176bd6cd68wxkbjhC1BL1pk8n0000000y6000000000fbyn

X-Cache

Other

CONFIG_NOCACHE

X-Ua-Compatible

Other

IE=Edge,chrome=1

date: Wed, 06 May 2026 04:03:58 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://cabmd.report-uri.com/a/d/g"}],"include_subdomains":true}
request-context: appId=cid-v1:58fd84ac-508a-4c38-8f96-d020e1d965cf
x-azure-ref: 20260506T040358Z-r176bd6cd68wxkbjhC1BL1pk8n0000000y6000000000fbyn
x-cache: CONFIG_NOCACHE
x-ua-compatible: IE=Edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance