HTTP Headers Analysis for https://loopappafdpreview.azurefd.net

Detected Technologies from Headers

See all in URL Inspect 2

Akamai

AzureFrontDoor

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

require-trusted-types-for; trusted-types; worker-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Cookie

accept-ranges: bytes
connection: close
vary: Cookie

Caching Headers

Cache-Control

Caching

max-age=600, immutable

Last-Modified

Caching

Thu, 26 Mar 2026 21:49:55 GMT

cache-control: max-age=600, immutable
last-modified: Thu, 26 Mar 2026 21:49:55 GMT

Content Headers

Content-Length

Content

3365

Content-Type

Content

text/html

content-length: 3365
content-type: text/html

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

access-control-allow-origin: *
access-control-expose-headers: *

Cookies Headers

No cookies headers found

Other Headers

Ak-Network

Other

FF

Akamai-Cache-Status

Other

Hit from child

Akamai-Request-Bc

Other

[a=23.33.30.146,b=1440612478,c=g,n=US_IL_CHICAGO,o=20940]

Alt-Svc

Other

h3=":443"; ma=93600,h3-29=":443"; ma=93600

Date

Other

Sun, 29 Mar 2026 20:58:25 GMT

Document-Policy

Other

js-profiling

Nel

Other

Report-To Group NelM365CDNUpload1 max-age: 1w

success: 1.0% failure: 100.0% include subdomains

Report-To

Other

Group NelM365CDNUpload1 max-age: 1w

Endpoint 1 https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=CHICAGO&ASN=20940&Country=US&Region=IL&RequestIdentifier=0.921e2117.1774817905.55de007e&TotalRTCDNTime=1&CompressionType=gzip&FileSize=1386

Server-Timing

Other

clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0

Timing-Allow-Origin

Other

*

X-Azure-Ref

Other

20260329T205825Z-1846c57bb7dcklsjhC1CH1w0cs0000000cq0000000001k54

X-Cache

Other

CONFIG_NOCACHE

X-Cdn-Provider

Other

Akamai

X-Ms-Request-Id

Other

3f98c8c4-601e-0052-4d6a-bd14e8000000

ak-network: FF
akamai-cache-status: Hit from child
akamai-request-bc: [a=23.33.30.146,b=1440612478,c=g,n=US_IL_CHICAGO,o=20940]
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
date: Sun, 29 Mar 2026 20:58:25 GMT
document-policy: js-profiling
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=CHICAGO&ASN=20940&Country=US&Region=IL&RequestIdentifier=0.921e2117.1774817905.55de007e&TotalRTCDNTime=1&CompressionType=gzip&FileSize=1386"}],"include_subdomains ":true}
server-timing: clientrtt; dur=1, clienttt; dur=, origin; dur=0 , cdntime; dur=0
timing-allow-origin: *
x-azure-ref: 20260329T205825Z-1846c57bb7dcklsjhC1CH1w0cs0000000cq0000000001k54
x-cache: CONFIG_NOCACHE
x-cdn-provider: Akamai
x-ms-request-id: 3f98c8c4-601e-0052-4d6a-bd14e8000000

Recommendations

Enable compression (gzip/brotli) to improve performance