HTTP Headers Analysis for https://loopappafdprod.azurefd.net

Detected Technologies from Headers

See all in URL Inspect 2

Akamai Active incidents

AzureFrontDoor

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

require-trusted-types-for; trusted-types; worker-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Cookie

accept-ranges: bytes
connection: close
vary: Cookie

Caching Headers

Cache-Control

Caching

max-age=600, immutable

Last-Modified

Caching

Tue, 31 Mar 2026 19:06:56 GMT

cache-control: max-age=600, immutable
last-modified: Tue, 31 Mar 2026 19:06:56 GMT

Content Headers

Content-Length

Content

3361

Content-Type

Content

text/html

content-length: 3361
content-type: text/html

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

access-control-allow-origin: *
access-control-expose-headers: *

Cookies Headers

No cookies headers found

Other Headers

Ak-Network

Other

FF

Akamai-Cache-Status

Other

Hit from child

Akamai-Request-Bc

Other

[a=23.45.172.201,b=241103313,c=g,n=US_NJ_EDISON,o=20940]

Alt-Svc

Other

h3=":443"; ma=93600,h3-29=":443"; ma=93600

Date

Other

Tue, 31 Mar 2026 19:37:43 GMT

Document-Policy

Other

js-profiling

Nel

Other

Report-To Group NelM365CDNUpload1 max-age: 1w

success: 1.0% failure: 100.0% include subdomains

Report-To

Other

Group NelM365CDNUpload1 max-age: 1w

Endpoint 1 https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EDISON&ASN=20940&Country=US&Region=NJ&RequestIdentifier=0.c9ac2d17.1774985863.e5ef1d1&TotalRTCDNTime=7&CompressionType=gzip&FileSize=1382

Server-Timing

Other

clientrtt; dur=7, clienttt; dur=, origin; dur=0 , cdntime; dur=0

Timing-Allow-Origin

Other

*

X-Azure-Ref

Other

20260331T193743Z-15467dc9899j9567hC1IADunb40000000neg00000000knwr

X-Cache

Other

CONFIG_NOCACHE

X-Cdn-Provider

Other

Akamai

X-Ms-Request-Id

Other

eccf33ca-b01e-0044-6141-c175a8000000

ak-network: FF
akamai-cache-status: Hit from child
akamai-request-bc: [a=23.45.172.201,b=241103313,c=g,n=US_NJ_EDISON,o=20940]
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
date: Tue, 31 Mar 2026 19:37:43 GMT
document-policy: js-profiling
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EDISON&ASN=20940&Country=US&Region=NJ&RequestIdentifier=0.c9ac2d17.1774985863.e5ef1d1&TotalRTCDNTime=7&CompressionType=gzip&FileSize=1382"}],"include_subdomains ":true}
server-timing: clientrtt; dur=7, clienttt; dur=, origin; dur=0 , cdntime; dur=0
timing-allow-origin: *
x-azure-ref: 20260331T193743Z-15467dc9899j9567hC1IADunb40000000neg00000000knwr
x-cache: CONFIG_NOCACHE
x-cdn-provider: Akamai
x-ms-request-id: eccf33ca-b01e-0044-6141-c175a8000000

Recommendations

Enable compression (gzip/brotli) to improve performance