HTTP Headers Analysis for https://cno.benselect.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload;

Content-Security-Policy

Weak

upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

idle-detection=(*)

Recommendations

• Significantly strengthen CSP directives

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-cache

Expires

Caching

-1

Pragma

Caching

no-cache

cache-control: no-cache
expires: -1
pragma: no-cache

Content Headers

Content-Length

Content

24060

Content-Type

Content

text/html; charset=utf-8

content-length: 24060
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: CNORelease_EnrollmentSite_SessionID=bxh32e0hcyrgzj30gsw44t5n; path=/; HttpOnly; SameSite=None; secure; httponly; SameSite=None;
AFT_ID=e418b580-4e3d-4115-a188-61fc4afdcc45; path=/; HttpOnly; secure; httponly; SameSite=None;
.CNORelease_ETIEnroll=; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; secure; HttpOnly; SameSite=None; secure; httponly; SameSite=None;

Other Headers

Date

Other

Wed, 13 May 2026 01:29:42 GMT

P3p

Other

CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

X-Responsefrom

Other

PLN11

X-Webserver

Other

WWW2PLN11

date: Wed, 13 May 2026 01:29:42 GMT
p3p: CP=&quot;IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT&quot;
x-responsefrom: PLN11
x-webserver: WWW2PLN11

Recommendations

Enable compression (gzip/brotli) to improve performance