43
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000; includeSubdomains; preload;
Content-Security-Policy
Good
default-src; font-src; script-src; +7 more
default-src 'self' https://*.aau.dk https://*.azurewebsites.net https://*.dropbox.com https://*.dropboxusercontent.com https://podcastpusher.com https://*.doubleclick.net https://*.fonts.net https://*.linkedin.com https://*.facebook.com https://*.snapchat.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.survey-xact.dk https://*.microsoftonline.com https://*.office.com https://*.gstatic.com https://*.cookieinformation.com; font-src 'self' data: fonts.gstatic.com; script-src https://stats.g.doubleclick.net/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://www.googletagmanager.com/ https://www.youtube-nocookie.com 'self' 'unsafe-inline' https://*.scratcher.io https://*.elfsightcdn.com https://*.snapchat.com https://*.readpeak.com https://*.sc-static.net https://*.licdn.com https://*.google.com https://*.googleapis.com https://*.elfsight.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.twitter.com https://*.cookieinformation.com https://*.youtube.com https://*.vimeo.com; connect-src https://widget-data.service.elfsight.com https://core.service.elfsight.com https://public-eur.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ 'self' wss://aau-its-caai-shared-haandbog-prod.azurewebsites.net/ https://prod-aaudxp-vacancy-app.azurewebsites.net/ wss://aau-its-caai-studieservice-adgangstjek-prod.azurewebsites.net https://*.azurewebsites.net https://*.elfsightcdn.com https://*.aau.dk https://*.licdn.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.snapchat.com https://*.oribi.io https://*.analytics.google.com https://*.googleapis.com https://*.elfsight.com https://*.google-analytics.com https://*.cookieinformation.com; img-src 'self' data: image/* https://*.aau.dk https://*.plan2learn.dk https://*.elfsight.com https://*.linkedin.com https://*.licdn.com https://*.googletagmanager.com 
https://*.google-analytics.com https://*.taboola.com https://*.doubleclick.net https://*.adnxs.com https://*.readpeak.com https://*.google.dk https://*.gstatic.com https://*.dropbox.com https://*.dropboxusercontent.com https://*.google.com https://*.twimg.com https://*.facebook.com https://*.vimeocdn.com https://*.ytimg.com https://*.youtube.com https://*.googleapis.com https://*.elfsightcdn.com; frame-src https://102nu.mjt.lu/ https://vimeo.com https://*.vimeo.com https://kuula.co https://madsheiselberg.github.io https://copilotstudio.preview.microsoft.com https://login.windows.net/ https://aaublanketterdev.powerappsportals.com/ http://mfc-print03.aau.dk https://assets-eur.mkt.dynamics.com/ https://serviceinfo.dk 'self' https://www.youtube-nocookie.com/ https://public-eur.mkt.dynamics.com https://*.geckobooking.dk https://*.powerapps.com https://cobe.dk https://*.powerbi.com https://*.scratcher.io https://*.youtube.com https://*.plandisc.com https://*.moodle.aau.dk https://*.matterport.com https://*.microsoftonline.com https://*.360company.dk https://*.snapchat.com https://*.spotify.com https://*.google.com https://*.vercel.app https://*.libraryh3lp.com https://*.aau.dk https://*.facebook.com https://*.survey-xact.dk https://*.office.com https://*.kuula.co https://*.cookieinformation.com ; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors 'none';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
no-referrer, strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Strengthen CSP by removing 'unsafe-eval'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
s-maxage=60, stale-while-revalidate
Etag
Caching
"b9c1uapu825iu6"
Content Headers
2 headers
Content-Length
Content
258191
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
nginx
X-Powered-By
Server
Next.js
CORS Headers
3 headers
Access-Control-Allow-Headers
Cors
aau-search-url, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
Access-Control-Allow-Methods
Cors
GET,OPTIONS,POST
Access-Control-Allow-Origin
Cors
*
Cookies Headers
1 header
Set-Cookie
Cookies
ARRAffinitySameSite=135b9a99f8b072edf02a32778bbfda4ba8e2dfb0f4d6b679502e0d22801f7e03;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.aau.dk
Other Headers
24 headers
Client-Ip
Other
[fd40:4bde:12:6e2b:7912:100:a4c:1f04]:52634
Date
Other
Sat, 06 Dec 2025 00:22:46 GMT
Disguised-Host
Other
www.aau.dk
Host
Other
www.aau.dk
Max-Forwards
Other
10
Original-Path
Other
/
User-Agent
Other
mint/1.7.1
Was-Default-Hostname
Other
prod-aaudxp-website-001-app.azurewebsites.net
X-Appservice-Proto
Other
https
X-Arr-Log-Id
Other
2e60c564-a477-4cbb-879d-384d9155b9df
X-Arr-Ssl
Other
2048|256|CN=Microsoft Azure RSA TLS Issuing CA 08, O=Microsoft Corporation, C=US|CN=*.azurewebsites.net, O=Microsoft Corporation, L=Redmond, S=WA, C=US
X-Client-Ip
Other
10.76.31.4
X-Client-Port
Other
0
X-Forwarded-For
Other
216.246.40.66, 10.76.31.4
X-Forwarded-Host
Other
www.aau.dk
X-Forwarded-Port
Other
8080
X-Forwarded-Proto
Other
https
X-Forwarded-Tlsversion
Other
1.3
X-Middleware-Rewrite
Other
/_sites/aHR0cHM6Ly93d3cuYWF1LmRr/ISR/
X-Nextjs-Cache
Other
HIT
X-Original-Url
Other
/
X-Real-Ip
Other
216.246.40.66
X-Site-Deployment-Id
Other
prod-aaudxp-website-001-app
X-Waws-Unencoded-Url
Other
/
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology
Analysis completed in 831ms