HTTP Headers Analysis for https://afd.forms.office.com

Detected Technologies from Headers

See all in URL Inspect 1

Microsoft 365

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains

Content-Security-Policy

Basic

object-src; script-src; base-uri; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: FormsWebSessionId=03a9319d-f9b2-4ba3-91c5-fd7237009a08; max-age=2592000; path=/; secure; samesite=none; httponly

Other Headers

Date

Other

Sun, 12 Apr 2026 22:05:56 GMT

Link

Other

URL

https://forms.office.com/cdn

rel=preconnect crossorigin=anonymous

Report-To

Other

Group endpoint-1 max-age: 3y

Endpoint 1 https://csp.microsoft.com/report/Forms-PROD

X-Cache

Other

CONFIG_NOCACHE

X-Correlationid

Other

5ea38e2e-528c-4658-8d8c-571f585b6cec

X-Msedge-Ref

Other

Ref A: 9D228CA5272E4A47A931AECD005C7F4D Ref B: BL2EDGE1418 Ref C: 2026-04-12T22:05:57Z

X-Officecluster

Other

eus2-101.forms.office.com

X-Officefe

Other

FormsSingleBox_IN_0

X-Officeversion

Other

16.0.20009.42500

X-Routingcorrelationid

Other

5ea38e2e-528c-4658-8d8c-571f585b6cec

X-Routingofficecluster

Other

eus2-100.forms.office.com

X-Routingofficefe

Other

FormsSingleBox_IN_1

X-Routingofficeversion

Other

16.0.20009.42500

X-Routingsessionid

Other

4bdb13bd-24af-4866-9c2c-ed1e6312fb09

X-Usersessionid

Other

4bdb13bd-24af-4866-9c2c-ed1e6312fb09

date: Sun, 12 Apr 2026 22:05:56 GMT
link: <https://forms.office.com/cdn>; rel=preconnect; crossorigin=anonymous
report-to: { "group": "endpoint-1", "max_age": 108864000, "endpoints": [ { "url": "https://csp.microsoft.com/report/Forms-PROD" }] }
x-cache: CONFIG_NOCACHE
x-correlationid: 5ea38e2e-528c-4658-8d8c-571f585b6cec
x-msedge-ref: Ref A: 9D228CA5272E4A47A931AECD005C7F4D Ref B: BL2EDGE1418 Ref C: 2026-04-12T22:05:57Z
x-officecluster: eus2-101.forms.office.com
x-officefe: FormsSingleBox_IN_0
x-officeversion: 16.0.20009.42500
x-routingcorrelationid: 5ea38e2e-528c-4658-8d8c-571f585b6cec
x-routingofficecluster: eus2-100.forms.office.com
x-routingofficefe: FormsSingleBox_IN_1
x-routingofficeversion: 16.0.20009.42500
x-routingsessionid: 4bdb13bd-24af-4866-9c2c-ed1e6312fb09
x-usersessionid: 4bdb13bd-24af-4866-9c2c-ed1e6312fb09

Recommendations

Enable compression (gzip/brotli) to improve performance