Open
Cached
·
just now
16
Headers
Detected Technologies from Headers
ASP.NET
AWS CloudFront
BootstrapCDN
Cloudflare
Cloudflare CDN
Cloudflare CDNJS
Google Analytics
Google API JS Client
Google DoubleClick
Google Fonts
Google Hosted Libraries
Google reCAPTCHA
Google Search
Google Static File Front End
Google Tag Manager
Hotjar
ipify
jQuery
Microsoft Azure
Microsoft IIS
Vimeo
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000;includeSubDomains
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
connection: close
Caching Headers
Cache-Control
no-cache
Expires
-1
Pragma
no-cache
cache-control: no-cache expires: -1 pragma: no-cache
Content Headers
Content-Length
52959
Content-Type
text/html; charset=utf-8
content-length: 52959 content-type: text/html; charset=utf-8
Server Headers
Server
Microsoft-IIS/10.0
X-Aspnet-Version
4.0.30319
X-Powered-By
ASP.NET
server: Microsoft-IIS/10.0 x-aspnet-version: 4.0.30319 x-powered-by: ASP.NET
CORS Headers
No CORS headers found
Cookies Headers
Set-Cookie
ASP.NET_SessionId
1n2v3rp53qeucyya3l5vtcdc
1n2v3rp53qeucyya3l5vtcdc
path=/
SameSite=Lax
secure
HttpOnly
Other Headers
Date
Sat, 04 Apr 2026 08:41:01 GMT
date: Sat, 04 Apr 2026 08:41:01 GMT
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology