Open
Cached
·
just now
16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; connect-src; img-src; +9 more
default-src 'self' https://chatbotplatform-prod-tokengenerator.azurewebsites.net https://directline.botframework.com/ http://localhost:7071/api/generate_token/;connect-src 'self' https://chatbotplatform-prod-tokengenerator.azurewebsites.net wss: https://directline.botframework.com/ http://localhost:7071/api/generate_token/;img-src 'self' blob: data: https://cpprodfilecdn.blob.core.windows.net https://webimages.imagebank.abb.com https://cdn.productimages.abb.com/;style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'unsafe-inline';script-src 'self' 'sha256-Yz2QefcX8Ip9owntlCG4y4gI9nfcCBhU6LzSTZ6yl7c=';object-src 'none';frame-ancestors *;base-uri 'self';font-src 'self' https: data:;form-action 'self';script-src-attr 'none';upgrade-insecure-requests
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
fullscreen=(self)
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
public, max-age=0
Etag
Caching
W/"254-195c7dffc60"
Last-Modified
Caching
Mon, 24 Mar 2025 11:18:20 GMT
Content Headers
2 headers
Content-Length
Content
596
Content-Type
Content
text/html; charset=UTF-8
Server Headers
1 headers
X-Powered-By
Server
Express
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ARRAffinitySameSite=d5e0f134be73c140ed7ab811840f27282cfff4fc60d20d70b564f4b51de3a83b;Path=/;HttpOnly;SameSite=None;Secure;Domain=chatbotplatform-prod-webchat.azurewebsites.net
Other Headers
2 headers
Date
Other
Fri, 16 Jan 2026 06:12:09 GMT
Request-Context
Other
appId=cid-v1:260a7c9c-bfe4-4475-ae4c-4dd806ebf47e
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology