HTTP Headers Analysis for https://forms.guest.usercontent.microsoft

Detected Technologies from Headers

See all in URL Inspect 1

Microsoft 365

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains

Content-Security-Policy

Basic

object-src; script-src; base-uri; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: FormsWebSessionId=c1a2ae05-5b33-4061-8832-28b5e68e9211; max-age=2592000; path=/; secure; samesite=none; httponly
MUID=27F7AAF13FFA6013285CBDCA00D662CD; max-age=33696000; path=/; secure; samesite=none

Other Headers

Date

Other

Tue, 14 Apr 2026 00:19:04 GMT

Link

Other

URL

https://forms.office.com/cdn

rel=preconnect crossorigin=anonymous

Report-To

Other

Group endpoint-1 max-age: 3y

Endpoint 1 https://csp.microsoft.com/report/Forms-PROD

X-Cache

Other

CONFIG_NOCACHE

X-Correlationid

Other

acbddd27-5d22-43ae-a55d-b45b3d422bb8

X-Msedge-Ref

Other

Ref A: 1086ECD12F074A5A90BF776348448D12 Ref B: BL2AA2011003062 Ref C: 2026-04-14T00:19:04Z

X-Officecluster

Other

eus2-101.forms.office.com

X-Officefe

Other

FormsSingleBox_IN_12

X-Officeversion

Other

16.0.20009.42500

X-Routingcorrelationid

Other

acbddd27-5d22-43ae-a55d-b45b3d422bb8

X-Routingofficecluster

Other

eus2-101.forms.office.com

X-Routingofficefe

Other

FormsSingleBox_IN_12

X-Routingofficeversion

Other

16.0.20009.42500

X-Routingsessionid

Other

ede2d53d-c5a6-4d03-8d24-c49d5da63c3a

X-Usersessionid

Other

ede2d53d-c5a6-4d03-8d24-c49d5da63c3a

date: Tue, 14 Apr 2026 00:19:04 GMT
link: <https://forms.office.com/cdn>; rel=preconnect; crossorigin=anonymous
report-to: { "group": "endpoint-1", "max_age": 108864000, "endpoints": [ { "url": "https://csp.microsoft.com/report/Forms-PROD" }] }
x-cache: CONFIG_NOCACHE
x-correlationid: acbddd27-5d22-43ae-a55d-b45b3d422bb8
x-msedge-ref: Ref A: 1086ECD12F074A5A90BF776348448D12 Ref B: BL2AA2011003062 Ref C: 2026-04-14T00:19:04Z
x-officecluster: eus2-101.forms.office.com
x-officefe: FormsSingleBox_IN_12
x-officeversion: 16.0.20009.42500
x-routingcorrelationid: acbddd27-5d22-43ae-a55d-b45b3d422bb8
x-routingofficecluster: eus2-101.forms.office.com
x-routingofficefe: FormsSingleBox_IN_12
x-routingofficeversion: 16.0.20009.42500
x-routingsessionid: ede2d53d-c5a6-4d03-8d24-c49d5da63c3a
x-usersessionid: ede2d53d-c5a6-4d03-8d24-c49d5da63c3a

Recommendations

Enable compression (gzip/brotli) to improve performance