HTTP Headers Analysis for https://oregon.gov

Detected Technologies from Headers

See all in URL Inspect 4

ASP.NET

AWS CloudFront

Microsoft IIS

Microsoft SharePoint

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, max-age=0

Expires

Caching

Mon, 16 Mar 2026 21:13:59 GMT

Last-Modified

Caching

Tue, 31 Mar 2026 21:13:59 GMT

cache-control: private, max-age=0
expires: Mon, 16 Mar 2026 21:13:59 GMT
last-modified: Tue, 31 Mar 2026 21:13:59 GMT

Content Headers

Content-Length

Content

88953

Content-Type

Content

text/html; charset=utf-8

content-length: 88953
content-type: text/html; charset=utf-8

Server Headers

Server

Microsoft-IIS/10.0

X-Aspnet-Version

Server

4.0.30319

X-Powered-By

Server

ASP.NET

server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: BIGipServer~Oregon~OR-prd-SP-txdc.pool=rd1530o00000000000000000000ffffac1f214ao80; path=/; Httponly; Secure

Other Headers

Date

Other

Tue, 31 Mar 2026 21:13:59 GMT

Microsoftsharepointteamservices

Other

16.0.0.5513

Request-Id

Other

bd7e05a2-f8aa-5059-a10c-88a5eb5ff8a6

Spiislatency

Other

0

Sprequestduration

Other

71

Sprequestguid

Other

bd7e05a2-f8aa-5059-a10c-88a5eb5ff8a6

Via

Other

1.1 23f0cf40bc8d9ba714fa3998e5ef5366.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

RioVXqM2gOwEuIx8vP_PLcyyJJboirly0W-8aXu-aXIARPTW3-lQiw==

X-Amz-Cf-Pop

Other

IAD55-P7

X-Cache

Other

Miss from cloudfront

X-Ms-Invokeapp

Other

1; RequireReadOnly

X-Sharepointhealthscore

Other

0

date: Tue, 31 Mar 2026 21:13:59 GMT
microsoftsharepointteamservices: 16.0.0.5513
request-id: bd7e05a2-f8aa-5059-a10c-88a5eb5ff8a6
spiislatency: 0
sprequestduration: 71
sprequestguid: bd7e05a2-f8aa-5059-a10c-88a5eb5ff8a6
via: 1.1 23f0cf40bc8d9ba714fa3998e5ef5366.cloudfront.net (CloudFront)
x-amz-cf-id: RioVXqM2gOwEuIx8vP_PLcyyJJboirly0W-8aXu-aXIARPTW3-lQiw==
x-amz-cf-pop: IAD55-P7
x-cache: Miss from cloudfront
x-ms-invokeapp: 1; RequireReadOnly
x-sharepointhealthscore: 0

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology