HTTP Headers Analysis for https://codescan.abb.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; object-src; font-src

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

1 headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Content Headers

2 headers

Content-Length

Content

2118

Content-Type

Content

text/html;charset=utf-8

Server Headers

1 headers

X-Powered-By

Server

ARR/3.0

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

AzureAppProxyAnalyticCookie_b38129db-ac62-4b54-b1b4-8d139d783033_https_1.3=MGD:MIIBvQYJKoZIhvcNAQcDoIIBrjCCAaoCAQIxggEwooIBLAIBBDCB7wRUTAAAAAAAAAABAAAAS0RTSwYAAABrAQAAGwAAABEAAAAjy5Hi6T7N+ThtoqgyrlYOIAAAAPJQXPEOXZedj0rCUVSDCBdAgtbz9vq92g42dmv91vZlMIGWBgkrBgEEAYI3SgEwgYgGCisGAQQBgjdKAQ0wejB4MHYMBERTVFMMbmZyYW5jZWMtZGtkcy5ka2RzLmNvcmUud2luZG93cy5uZXQ7aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZTtjd2FwcHJveHlka2RzZXVyMAsGCWCGSAFlAwQBLQQoDuxQVc7rM16aBB60Sr3DFswD8eRRHjdQIYXyGkGgNCaqvDOlk7Y/OTBxBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDGaqGw1doJ8H6FkvEgIBEIBESVMmshsx5RisTVLqxwqJKwmdaw8BZW3hGdk8RPkz+eQoGtztU0NJSegYEmjR0e6FxV+I6EZrWnsn996nAjBU7kiuHFg=; path=/; Secure; SameSite=None

Other Headers

13 headers

Date

Other

Tue, 20 Jan 2026 04:05:42 GMT

Nel

Other

{"report_to":"network-errors","max_age":86400,"success_fraction":0.2,"failure_fraction":1.0}

Report-To

Other

{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-FRC-PAR03P-3"}]}

Server-Timing

Other

dtSInfo;desc="0", dtRpid;desc="-641533852"

X-Forwarded-Proto

Other

https

X-Ms-Proxy-App-Id

Other

b38129db-ac62-4b54-b1b4-8d139d783033

X-Ms-Proxy-Connector-Id

Other

5759e2ea-df82-47d9-aee4-fed18b4f187d

X-Ms-Proxy-Data-Center

Other

FRC

X-Ms-Proxy-Group-Id

Other

5be71a1a-9a99-459a-be17-2628e946f3f1

X-Ms-Proxy-Service-Name

Other

proxy-appproxy-FRC-PAR03P-3

X-Ms-Proxy-Subscription-Id

Other

372ee9e0-9ce0-4033-a64a-c07073a91ecd

X-Ms-Proxy-Transaction-Id

Other

ed0c4f8a-44aa-4c72-8561-57d3f318a73d

X-Oneagent-Js-Injection

Other

true

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology