HTTP Headers Analysis for https://login.springbrooksoftware.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

0 headers

No caching headers found

Content Headers

1 headers

Content-Length

Content

0

Server Headers

2 headers

Server

cloudflare

X-Powered-By

Server

ASP.NET

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=V4SHvjIJG.Cc_kDdJiuDMNlclbWoUKYtPlb4weq1btY-1769954814-1.0.1.1-_WAZH3LEqejRwmQS31tDkofo629DLFbBj3hZBvuIE8bupGP4BZBoKVSLM_IBQP2Qh5iMDyYAVgxxLUlu8.pRBVk3jfgKmWHR26cNqOp31gY; path=/; expires=Sun, 01-Feb-26 14:36:54 GMT; domain=.springbrooksoftware.com; HttpOnly; Secure; SameSite=None

Other Headers

4 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9c7203156a19f28b-IAD

Date

Other

Sun, 01 Feb 2026 14:06:54 GMT

Location

Other

https://login-prod.springbrooksoftware.com/authorize?client_id=axKrWkVsScypSyq5w70IcdJJ7jbQaswk&redirect_uri=https%3A%2F%2Fportal.springbrooksoftware.com%2Fcallback&response_type=code&scope=openid%20profile%20email&code_challenge=dzD4TF73vsUYHRdJ6RU5Z8A0-KIYzWtgJpVC0di622g&code_challenge_method=S256&response_mode=form_post&nonce=639055516145328704.MTdkZjM2OTctNzZkZC00M2Y0LTllMjQtMTFmYzFmODgxMjQwYzA0MTY5OTUtYWViNy00NzUzLThlM2MtZWNhOTMzNjZmMzc3&state=CfDJ8DsI8KYxT4xIjO82UzY_MTFw3JwlaN3nr2FFrEhUizYi870cRFKXmalvt6fxD9F8tAidSGzRsrtvP0jfKulaabEB-UcQydAK-ppE3zRjGSsMX1Fiuy-PFtgs9SyIMqpGvUhpuph6gkWXPTe6_SnMOZxPOgLiUj2eBlREOU1FO9BtRMR7n1Tv-4Zt0aYLyK9yCn0U3kuwGKtapC1D0s5g14VffVXWLItJe4GziashvwmfC1M7gyl-26DIrfqf7EQBy8qGhhH_EX6_RUqGlhHafGMnXqtgP-pfJ2mbN6uoKKzsYto0SIDrcsbBW0zXYc1W50C_3A46hZyL0qlzLJTC5v-BAJAJAyNYY6YtL256q4bOoHG2_S-oJNcI9fJZ953sKA&x-client-SKU=ID_NET8_0&x-client-ver=7.1.2.0

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology