Open
Cached
·
1h ago
16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Basic
default-src; script-src; style-src; +3 more
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' kit.fontawesome.com kendo.cdn.telerik.com ka-p.fontawesome.com ka-f.fontawesome.com ajax.aspnetcdn.com cdn.datatables.net cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com;style-src 'self' 'unsafe-inline' kit.fontawesome.com kendo.cdn.telerik.com stackpath.bootstrapcdn.com cdn.datatables.net ka-p.fontawesome.com ka-f.fontawesome.com kit-uploads.fontawesome.com;img-src 'self' blob: data: *.blob.core.windows.net kendo.cdn.telerik.com;font-src 'self' kit.fontawesome.com ka-p.fontawesome.com ka-f.fontawesome.com kendo.cdn.telerik.com;connect-src 'self' ka-p.fontawesome.com ka-f.fontawesome.com kit.fontawesome.com ws: http://localhost:*
X-Frame-Options
Good
SameOrigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
no-store, no-cache, max-age=0
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Powered-By
Server
ASP.NET
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ARRAffinitySameSite=1058983f9492741eb52aa9d75ad97ad7a96a96ce2583b1ef1ff5fdd1bb7076ff;Path=/;HttpOnly;SameSite=None;Secure;Domain=as-exhibitors-westus-prod.azurewebsites.net
Other Headers
2 headers
Date
Other
Thu, 15 Jan 2026 02:08:29 GMT
Request-Context
Other
appId=cid-v1:1f9f8f1b-d0c6-4972-bd51-7ac01707d358
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology