HTTP Headers Analysis for https://auth.copilot.microsoft.com

Detected Technologies from Headers

See all in URL Inspect 4

PayPal

Cloudflare CDN

Cloudflare Turnstile

Microsoft Clarity

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

base-uri; script-src; frame-ancestors; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

cache-control: no-cache, no-store, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _C_ETH=1; path=/; secure; httponly
_C_Auth=
userSidebarOpen_cmc=close; Max-Age=315360000; Path=/; Secure; SameSite=Lax
MUID=0A95A1B7027E67063835B6810318666D; expires=Tue, 04 May 2027 22:14:01 GMT; path=/; secure; samesite=none
MUIDB=0A95A1B7027E67063835B6810318666D; expires=Tue, 04 May 2027 22:14:01 GMT; path=/; httponly
_EDGE_S="F=1&SID=34E4FE85988E613417E6E9B399E86004"; path=/; httponly
_EDGE_V=1; expires=Tue, 04 May 2027 22:14:01 GMT; path=/; httponly
__cf_bm=Nw3qL8uOC_sTfD10ABHw9cNx_mAQ2zHqenrXy4Ozcls-1775772841-1.0.1.1-fnV2nTMs4KlQDCrP2Va4ZKqwHG3yKTGdzQxDQIen5bjwr5crXjPBfwkpVdSfAEuFlqxOFxl20Rh0kj2BFDEtTgf.WPYwozVypRfzgFbdApY; path=/; expires=Thu, 09-Apr-26 22:44:01 GMT; domain=.copilot.microsoft.com; HttpOnly; Secure; SameSite=None

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9e9cdcc5f85b3891-IAD

Date

Other

Thu, 09 Apr 2026 22:14:01 GMT

Nel

Other

Report-To Group not specified

Report-To

Other

Group network-errors max-age: 1w

Endpoint 1 https://aefd.nelreports.net/api/report?cat=sbc

Group network-errors max-age: 1w

Endpoint 1 https://aefd.nelreports.net/api/report?cat=bingserp

X-Cdn-Traceid

Other

9e9cdcc5f85b3891-IAD

X-Ceto-Ref

Other

69d824a98d084187921dbca7e8010228|AFD:69d824a98d084187921dbca7e8010228|2026-04-09T22:14:01.931Z

X-Origin-Server

Other

f559078

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9e9cdcc5f85b3891-IAD
date: Thu, 09 Apr 2026 22:14:01 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}, {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=sbc"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
x-cdn-traceid: 9e9cdcc5f85b3891-IAD
x-ceto-ref: 69d824a98d084187921dbca7e8010228|AFD:69d824a98d084187921dbca7e8010228|2026-04-09T22:14:01.931Z
x-origin-server: f559078

Recommendations

Enable compression (gzip/brotli) to improve performance