HTTP Headers Analysis for https://copilot.microsoft.com

Detected Technologies from Headers

See all in URL Inspect 4

PayPal

Cloudflare CDN

Cloudflare Turnstile

Microsoft Clarity

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

base-uri; script-src; frame-ancestors; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

cache-control: no-cache, no-store, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=UTF-8

content-type: text/html; charset=UTF-8

Server Headers

Server

cloudflare

server: cloudflare

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _C_ETH=1; path=/; secure; httponly
_C_Auth=
userSidebarOpen_cmc=close; Max-Age=315360000; Path=/; Secure; SameSite=Lax
MUID=2F6CD9F5080F663724D2CECF09E76716; expires=Sat, 08 May 2027 19:51:22 GMT; path=/; secure; samesite=none
MUIDB=2F6CD9F5080F663724D2CECF09E76716; expires=Sat, 08 May 2027 19:51:22 GMT; path=/; httponly
_EDGE_S="F=1&SID=165583BC248A6DF63E4B948625626CCA"; path=/; httponly
_EDGE_V=1; expires=Sat, 08 May 2027 19:51:22 GMT; path=/; httponly
__cf_bm=YBGYqrHmigf5IhmdhzK41XhvXFaktLNEsLql0XrZ.K4-1776109882-1.0.1.1-zizrQcotcMCJs6EfR3NXlaUNqBFgdjspwmQMDTPW7TsliKxJ.E_n5WT6eztkFqr0wxsnYVtomJU2XUXxJHyupqhVlTzz0u8L7NvVRq7Chtg; path=/; expires=Mon, 13-Apr-26 20:21:22 GMT; domain=.copilot.microsoft.com; HttpOnly; Secure; SameSite=None

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9ebd014e9a49578c-IAD

Date

Other

Mon, 13 Apr 2026 19:51:22 GMT

Nel

Other

Report-To Group not specified

Report-To

Other

Group network-errors max-age: 1w

Endpoint 1 https://aefd.nelreports.net/api/report?cat=sbc

Group network-errors max-age: 1w

Endpoint 1 https://aefd.nelreports.net/api/report?cat=bingserp

X-Cdn-Traceid

Other

9ebd014e9a49578c-IAD

X-Ceto-Ref

Other

69dd493a6bc8438096ad4c5b8d1fa4e0|AFD:69dd493a6bc8438096ad4c5b8d1fa4e0|2026-04-13T19:51:22.665Z

X-Origin-Server

Other

15ed3f9

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9ebd014e9a49578c-IAD
date: Mon, 13 Apr 2026 19:51:22 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}, {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=sbc"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
x-cdn-traceid: 9ebd014e9a49578c-IAD
x-ceto-ref: 69dd493a6bc8438096ad4c5b8d1fa4e0|AFD:69dd493a6bc8438096ad4c5b8d1fa4e0|2026-04-13T19:51:22.665Z
x-origin-server: 15ed3f9

Recommendations

Enable compression (gzip/brotli) to improve performance