Open
Cached
·
just now
17
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
script-src; report-uri; default-src; +5 more
script-src 'self' *.google-analytics.com https://js.monitor.azure.com 'nonce-D+sifR5FxUw2EzjTABdIboZm9+zRE4lN4yBo/66PCM4='; report-uri https://report-to-api.raygun.com/reports-csp?apikey=tPTrVWqsBf/hu5ofZzSQtA==; default-src 'self'; connect-src *.google-analytics.com *.services.visualstudio.com *.monitor.azure.com *.applicationinsights.azure.com 'self'; img-src 'self' *.google-analytics.com https://www.google.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.bh https://www.google.ca https://www.google.cn https://www.google.cz https://www.google.de https://www.google.dz https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gg https://www.google.gi https://www.google.hr https://www.google.id https://www.google.ie https://www.google.il https://www.google.im https://www.google.it https://www.google.je https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.co.id https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.nz https://www.google.co.ug https://www.google.co.uk https://www.google.co.za https://www.google.com.ag https://www.google.com.au https://www.google.com.bh https://www.google.com.br https://www.google.com.cy https://www.google.com.et https://www.google.com.fj https://www.google.com.gi https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.uy https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pt https://www.google.com.sg https://www.google.com.ua https://www.google.com.vn; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), gyroscope=(), magnetometer=(), midi=(), payment=(), usb=(), serial=(), hid=(), bluetooth=(), xr-spatial-tracking=()
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
Performance Headers
2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
no-cache, no-store
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
.AspNetCore.Antiforgery.cdV5uW_Ejgc=CfDJ8Lqqn2QyGWlCtNe2Suw2kwHT6ZableAjnkx4_qPWiwEI5ziFgh4SV8BeelOhI-XPTW9Bc90vyGrBhghhiMs9co9ly1NsZu90gBwCe22f1YJJVcBRn8C7tpz3fjG4p4aC-JtlRoNvu4eGHcPIq_h-VKk; path=/; samesite=strict; httponly
Other Headers
4 headers
Date
Other
Thu, 29 Jan 2026 04:27:35 GMT
Request-Context
Other
appId=cid-v1:f46cad51-d4d9-4051-85da-df3d6659cd1b
X-Azure-Ref
Other
20260129T042735Z-15f58cd6c75jxjmhhC1BL1fxpg00000004v0000000008tq2
X-Cache
Other
CONFIG_NOCACHE
Recommendations
Enable compression (gzip/brotli) to improve performance