HTTP Headers Analysis for https://ccm.mobile.m365.svc.cloud.microsoft

Detected Technologies from Headers

See all in URL Inspect 2

AzureFrontDoor

SvelteKit

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000; includeSubDomains

Content-Security-Policy

Basic

script-src Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-cache, max-age=0

Etag

Caching

"e2kmn5"

Pragma

Caching

no-cache

cache-control: private, no-cache, max-age=0
etag: "e2kmn5"
pragma: no-cache

Content Headers

Content-Length

Content

30994

Content-Type

Content

text/html

content-length: 30994
content-type: text/html

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Mon, 20 Apr 2026 15:50:15 GMT

Link

Other

URL ./_app/immutable/entry/start.BaX49DEu.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/CIBf1SZD.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BSd-cVt0.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BhItLEk8.js

rel=modulepreload nopush

URL ./_app/immutable/entry/start.BaX49DEu.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/CIBf1SZD.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BSd-cVt0.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BhItLEk8.js

rel=modulepreload nopush

URL ./_app/immutable/entry/app.CSqfilY-.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/Cp5gnBfT.js

rel=modulepreload nopush

URL ./_app/immutable/nodes/0.CGsJd41H.js

rel=modulepreload nopush

URL ./_app/immutable/nodes/6.C1HMg2LO.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BfYiWslh.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/C5eY0t8d.js

rel=modulepreload nopush

URL ./_app/immutable/chunks/BGYn98JU.js

rel=modulepreload nopush

Origin-Agent-Cluster

Other

?1

Request-Context

Other

appId=cid-v1:

X-Azure-Ref

Other

20260420T155014Z-15c6b7d94d7vzwxvhC1IAD9g540000000ftg00000000bd4s

X-Cache

Other

PRIVATE_NOSTORE

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Fd-Int-Roxy-Purgeid

Other

1

X-Permitted-Cross-Domain-Policies

Other

none

X-Sveltekit-Page

Other

true

date: Mon, 20 Apr 2026 15:50:15 GMT
link: <./_app/immutable/entry/start.BaX49DEu.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/CIBf1SZD.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/BSd-cVt0.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/BhItLEk8.js>; rel="modulepreload"; nopush, <./_app/immutable/entry/app.CSqfilY-.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/Cp5gnBfT.js>; rel="modulepreload"; nopush, <./_app/immutable/nodes/0.CGsJd41H.js>; rel="modulepreload"; nopush, <./_app/immutable/nodes/6.C1HMg2LO.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/BfYiWslh.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/C5eY0t8d.js>; rel="modulepreload"; nopush, <./_app/immutable/chunks/BGYn98JU.js>; rel="modulepreload"; nopush
origin-agent-cluster: ?1
request-context: appId=cid-v1:
x-azure-ref: 20260420T155014Z-15c6b7d94d7vzwxvhC1IAD9g540000000ftg00000000bd4s
x-cache: PRIVATE_NOSTORE
x-dns-prefetch-control: off
x-download-options: noopen
x-fd-int-roxy-purgeid: 1
x-permitted-cross-domain-policies: none
x-sveltekit-page: true

Recommendations

Enable compression (gzip/brotli) to improve performance