HTTP Headers Analysis for https://cloud.saloniris.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; frame-src; +3 more

default-src 'self' ws: wss: https://*.duda.co https://*.dssvc.io https://*.saloniris.com https://*.123petsoftware.com https://*.orchidmedicalspasoftware.com https://*.inkbooktattoosoftware.com https://*.hotjar.com https://*.hotjar.io https://*.mxpnl.com https://*.pendo.io https://www.googletagmanager.com https://www.google-analytics.com https://*.daysmartsalon.com https://*.daysmartpet.com https://*.daysmartbodyart.com https://*.daysmartspa.com https://*.newrelic.com https://*.loom.com https://*.launchdarkly.com https://stats.g.doubleclick.net https://*.mixpanel.com https://*.nr-data.net https://*.walkme.com http://localhost:51943 https://*.daysmart.com https://*.amazonaws.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.stripe.com https://unpkg.com https://*.dsforms.com https://dsforms.com https://*.daysmartpayments.com https://*.intercom.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.duda.co https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.hotjar.com https://*.mxpnl.com https://*.pendo.io https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.walkme.com https://*.stripe.com https://*.daysmartpayments.com https://*.intercom.io https://*.intercomcdn.com; frame-src blob: https://*.google.com https://feedback.daysmart.com https://daysmart-repman-static.s3.amazonaws.com https://reviews.goteamup.com https://*.dssvc.io https://*.cardconnect.com:* https://*.hotjar.com https://*.daysmartsalon.com https://*.daysmartpet.com https://*.daysmartbodyart.com https://*.daysmartspa.com https://*.dsforms.com https://dsforms.com https://*.daysmartpayments.com https://*.t3secure.net https://*.walkme.com https://*.pendo.io https://*.stripe.com https://*.loom.com https://intercom-sheets.com https://*.intercom-reporting.com; style-src * 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/*; font-src * data:; img-src https: data:

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

camera=*,microphone=*, accelerometer=(),autoplay=(),encrypted-media=(),geolocation=(), gyroscope=(),magnetometer=(),midi=(),payment=(*),picture-in-picture=(), sync-xhr=(),usb=(),xr-spatial-tracking=()

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

1 headers

Connection

Performance

Close

Caching Headers

0 headers

No caching headers found

Content Headers

1 headers

Content-Length

Content

0

Server Headers

2 headers

Server

Microsoft-IIS/10.0

X-Powered-By

Server

ASP.NET

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

2 headers

Date

Other

Tue, 27 Jan 2026 19:03:24 GMT

Location

Other

/Home/

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology