HTTP Headers report for sentosa.com.sg

Header Name	Header Data
HTTP status code	200
X-Content-Type-Options	nosniff
Date	Sun, 20 Apr 2025 18:11:55 GMT
Connection	keep-alive
Access-Control-Expose-Headers	Request-Context
Content-Security-Policy	frame-ancestors 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.wogaa.sg/ https://cdn.eye-able.com/; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://assets.wogaa.sg/fonts/; upgrade-insecure-requests; block-all-mixed-content;
X-Iinfo	14-53082153-53082154 NNYN CT(7 21 0) RT(1745172713914 3) q(0 0 1 0) r(1 15) U24
Set-Cookie	ASP.NET_SessionId=umricsmmy1c4soai0gf3i3ww; path=/; secure; HttpOnly; SameSite=None
Vary	Accept-Encoding
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies	none
X-Xss-Protection	0
X-Fd-Int-Roxy-Purgeid	0
Content-Type	text/html; charset=utf-8
Cache-Control	private
Request-Context	appId=cid-v1:0baabeb9-7629-4880-9f80-30ec0bfc9616
Referrer-Policy	no-referrer
X-Cache	PRIVATE_NOSTORE
Accept-Ranges	bytes
X-Cdn	Imperva
Access-Control-Allow-Origin	https://sentosa-prod-cd.azurewebsites.net
Permissions-Policy	accelerometer=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
X-Frame-Options	SAMEORIGIN
X-Azure-Ref	20250420T181153Z-r175cd98c7ct9lkdhC1DUS8274000000093g000000000fpb

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar