HTTP Headers Analysis for https://blog.bingads.com

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for reroute443.microsoft.com, not for blog.bingads.com

Open Cached · just now

25 Headers

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +5 more

default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com msamarketing.z22.web.core.windows.net admin.microsoft.com adsuxsiwest.blob.core.windows.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com customervoice.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com res-1.cdn.office.net data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com blob:; connect-src 'self' wss: 'unsafe-inline' *.google.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com consentreceiverfd-prod.azurefd.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net msftenterprise.sc.omtrdc.net westus2-2.in.applicationinsights.azure.com bat.bing.net msamarketing.z22.web.core.windows.net *.microsoft.com adsuxsiwest.blob.core.windows.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com comms.omnichannelengagementhub.com *.trouter.skype.com *.communication.azure.com us-prod.asyncgw.teams.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; media-src 'self' blob: dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Accept-Ranges

Performance

bytes

Connection

Performance

Vary

Performance

Accept-Encoding

Caching Headers

5 headers

Age

Caching

Cache-Control

Caching

public, max-age=300

Etag

Caching

"1eafa-648456ad69373"

Expires

Caching

Tue, 13 Jan 2026 14:19:01 GMT

Last-Modified

Caching

Tue, 13 Jan 2026 14:00:42 GMT

Content Headers

2 headers

Content-Length

Content

125690

Content-Type

Content

text/html;charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

11 headers

Afdforward

Other

Beta Prod

Afdgeo

Other

Afdrsaemplatform

Other

V11

Afdrsaemversion

Other

Date

Other

Tue, 13 Jan 2026 14:14:02 GMT

X-Azure-Ref

Other

20260113T141401Z-17b7f96fb7ct4ph6hC1BL1ev1000000002kg000000005ddu

X-Cache

Other

TCP_MISS

X-Fd-Int-Roxy-Purgeid

Other

X-Served-By

Other

cache-ewr-kewr1740028-EWR

X-Timer

Other

S1768313642.895387,VS0,VS0,VE80

X-Vhost

Other

publish

Recommendations

Enable compression (gzip/brotli) to improve performance