HTTP Headers Analysis for https://stagingciq.com

Detected Technologies from Headers

See all in URL Inspect 14

ASP.NET

Chameleon

Google Analytics

Google Hosted Libraries

Google reCAPTCHA

Google Search

Google Static File Front End

Google Tag Manager

Heap

OneTrust

Parse.ly

Salesforce Cloud

Salesforce Sites

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

script-src; object-src; worker-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Present

"ALLOW-FROM https://www.capitaliqqa.spglobal.com", "ALLOW-FROM https://www.capitaliqstg.spglobal.cn", "ALLOW-FROM https://capitaliqstg.spglobal.com", "ALLOW-FROM https://www.capitaliqstg.spglobal.com", "ALLOW-FROM https://platform.midevcld.spglobal.com", "ALLOW-FROM https://platform.midevcld.spglobal.com", "ALLOW-FROM https://www.platform.midevcld.spglobal.com", "ALLOW-FROM https://platform.midevcld.spglobal.cn", "ALLOW-FROM https://www.platform.midevcld.spglobal.cn", "ALLOW-FROM https://platform.midev.spglobal.com", "ALLOW-FROM https://platform.plattsdev.spglobal.com", "ALLOW-FROM https://www.platform.plattsdev.spglobal.com", "ALLOW-FROM https://platform.ratings360dev.spglobal.com", "ALLOW-FROM https://www.platform.ratings360dev.spglobal.com", "ALLOW-FROM https://www.snldev.int", "ALLOW-FROM https://www.platform.midev.spglobal.com", "ALLOW-FROM https://platform.mistagecld.spglobal.com", "ALLOW-FROM https://platform.mistagecld.spglobal.com", "ALLOW-FROM https://www.platform.mistagecld.spglobal.com", "ALLOW-FROM https://platform.mistage.spglobal.com", "ALLOW-FROM https://www.platform.mistage.spglobal.com", "ALLOW-FROM https://platform.plattsstg.spglobal.com", "ALLOW-FROM https://www.platform.plattsstg.spglobal.com", "ALLOW-FROM https://platform.ratings360stg.spglobal.com", "ALLOW-FROM https://www.platform.ratings360stg.spglobal.com", "ALLOW-FROM https://platform-as.mistagecld.spglobal.com", "ALLOW-FROM https://www.platform-as.mistagecld.spglobal.com", "ALLOW-FROM https://www.snlnet.com", "ALLOW-FROM https://platform.spgistg.spglobal.cn", "ALLOW-FROM https://www.platform.spgistg.spglobal.cn"

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

private

cache-control: private

Content Headers

Content-Length

Content

26657

Content-Type

Content

text/html; charset=utf-8

content-length: 26657
content-type: text/html; charset=utf-8

Server Headers

Server

X-Aspnet-Version

Server

X-Powered-By

Server

server: 
x-aspnet-version: 
x-powered-by:

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALBTG=3ssUTIk8bPXCdkyWl4mNk0LKsGLyPIAba8RAsLu/f2ldYjVXJ4XzI2GuCV4H35hlTPZDG+L2FNwKuXiLT1GdzqzVtJHbq4YiJbksniIzJgArBuEj6vD4cOYjPWdnShUkVwmeQ3dSKeppo8iUOFvo+FvDXH+VV3wwNX5R25aKcR5FTkTJ1uc=; Expires=Sat, 16 May 2026 11:23:06 GMT; Path=/
AWSALBTGCORS=3ssUTIk8bPXCdkyWl4mNk0LKsGLyPIAba8RAsLu/f2ldYjVXJ4XzI2GuCV4H35hlTPZDG+L2FNwKuXiLT1GdzqzVtJHbq4YiJbksniIzJgArBuEj6vD4cOYjPWdnShUkVwmeQ3dSKeppo8iUOFvo+FvDXH+VV3wwNX5R25aKcR5FTkTJ1uc=; Expires=Sat, 16 May 2026 11:23:06 GMT; Path=/; SameSite=None; Secure
AWSALB=gWL+CZNyZzr66Fp0K4MDmcq1c/cDwO9d9c7GgE05IfWXYLy0TO8R2PV9hDRkf6OCGLIM5cRG0dE6whyfuxpRnqoMx3oeg9k4FgWMOp9nNwoJZP1YajzTVEztYZhC; Expires=Sat, 16 May 2026 11:23:06 GMT; Path=/
AWSALBCORS=gWL+CZNyZzr66Fp0K4MDmcq1c/cDwO9d9c7GgE05IfWXYLy0TO8R2PV9hDRkf6OCGLIM5cRG0dE6whyfuxpRnqoMx3oeg9k4FgWMOp9nNwoJZP1YajzTVEztYZhC; Expires=Sat, 16 May 2026 11:23:06 GMT; Path=/; SameSite=None; Secure
machineIdCookie=544397888; Secure; SameSite=none; domain=.stagingciq.com; expires=Thu, 05-Nov-2026 12:23:06 GMT; path=/; secure; HttpOnly

Other Headers

Date

Other

Sat, 09 May 2026 11:23:06 GMT

X-Content-Security-Policy

Other

frame-ancestors https://www.platform.spgistg.spglobal.cn https://platform.spgistg.spglobal.cn https://www.snlnet.com https://www.platform-as.mistagecld.spglobal.com https://platform-as.mistagecld.spglobal.com https://www.platform.ratings360stg.spglobal.com https://platform.ratings360stg.spglobal.com https://www.platform.plattsstg.spglobal.com https://platform.plattsstg.spglobal.com https://www.platform.mistage.spglobal.com https://platform.mistage.spglobal.com https://www.platform.mistagecld.spglobal.com https://platform.mistagecld.spglobal.com https://www.platform.midev.spglobal.com https://www.snldev.int https://www.platform.ratings360dev.spglobal.com https://platform.ratings360dev.spglobal.com https://www.platform.plattsdev.spglobal.com https://platform.plattsdev.spglobal.com https://platform.midev.spglobal.com https://www.platform.midevcld.spglobal.cn https://platform.midevcld.spglobal.cn https://www.platform.midevcld.spglobal.com https://platform.midevcld.spglobal.com https://www.capitaliqstg.spglobal.com https://capitaliqstg.spglobal.com https://www.capitaliqstg.spglobal.cn https://www.capitaliqqa.spglobal.com https://www.capitaliqdev.spglobal.com https://www.capitaliqdev.spglobal.cn https://www.testciq.com https://www-av.testciq.com https://www-av.stagingciq.com https://www.stagingciq.com 'self';

date: Sat, 09 May 2026 11:23:06 GMT
x-content-security-policy: frame-ancestors https://www.platform.spgistg.spglobal.cn https://platform.spgistg.spglobal.cn https://www.snlnet.com https://www.platform-as.mistagecld.spglobal.com https://platform-as.mistagecld.spglobal.com https://www.platform.ratings360stg.spglobal.com https://platform.ratings360stg.spglobal.com https://www.platform.plattsstg.spglobal.com https://platform.plattsstg.spglobal.com  https://www.platform.mistage.spglobal.com https://platform.mistage.spglobal.com https://www.platform.mistagecld.spglobal.com https://platform.mistagecld.spglobal.com https://www.platform.midev.spglobal.com  https://www.snldev.int https://www.platform.ratings360dev.spglobal.com https://platform.ratings360dev.spglobal.com https://www.platform.plattsdev.spglobal.com https://platform.plattsdev.spglobal.com  https://platform.midev.spglobal.com https://www.platform.midevcld.spglobal.cn https://platform.midevcld.spglobal.cn https://www.platform.midevcld.spglobal.com https://platform.midevcld.spglobal.com https://www.capitaliqstg.spglobal.com https://capitaliqstg.spglobal.com https://www.capitaliqstg.spglobal.cn https://www.capitaliqqa.spglobal.com https://www.capitaliqdev.spglobal.com https://www.capitaliqdev.spglobal.cn https://www.testciq.com https://www-av.testciq.com https://www-av.stagingciq.com https://www.stagingciq.com 'self';

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology