HTTP Headers Analysis for https://g.microsoftonline.com

Detected Technologies from Headers

See all in URL Inspect 2

Akamai

Kestrel

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=1209600; includeSubDomains; preload

Content-Security-Policy

Basic

block-all-mixed-content; connect-src; default-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Origin

connection: close
vary: Origin

Caching Headers

Cache-Control

Caching

no-store,no-cache

Pragma

Caching

no-cache

cache-control: no-store,no-cache
pragma: no-cache

Content Headers

Content-Length

Content

52150

Content-Type

Content

text/html; charset=utf-8

content-length: 52150
content-type: text/html; charset=utf-8

Server Headers

Server

Kestrel

server: Kestrel

CORS Headers

Access-Control-Allow-Methods

Cors

HEAD,GET,OPTIONS

access-control-allow-methods: HEAD,GET,OPTIONS

Cookies Headers

Set-Cookie

Cookies

set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
sptmarket=en-us%7C%7Cus%7Cen-us%7Cen-us%7Cen%7C%7Creason%3DRevIP%3Aus%7Ccf%3D8%7CRefA%3D699ce41d3274473db2761b738965655d.RefC%3D2026-02-23T23%3A34%3A53Z; expires=Wed, 23 Feb 2028 23:34:53 GMT; path=/
USRLOC=; expires=Wed, 23 Feb 2028 23:34:53 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly
MUID=030779CB11896D9D0C636EC210D86C45; expires=Sat, 20 Mar 2027 23:34:53 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=030779CB11896D9D0C636EC210D86C45; expires=Sat, 20 Mar 2027 23:34:53 GMT; path=/; httponly
_EDGE_S=F=1&SID=13E2556D49EE67270B11426448BF66DD; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Sat, 20 Mar 2027 23:34:53 GMT; domain=.msn.com; path=/; httponly

Other Headers

Akamai-Cache-Status

Other

NotCacheable from child

Akamai-Grn

Other

0.5453d117.1771889693.83c2692d

Akamai-Request-Bc

Other

[a=23.209.83.84,b=2210556205,c=g,n=US_IL_CHICAGO,o=20940],[c=c,n=US_VA_ASHBURN,o=20940],[a=45,c=o]

Akamai-Request-Id

Other

83c2692d

Akamai-Server-Ip

Other

23.209.83.84

Date

Other

Mon, 23 Feb 2026 23:34:53 GMT

Nel

Other

Report-To Group network-errors max-age: 1w

success: 0.1% failure: 100.0%

Nel-And-Csp-Report-To

Other

{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}

Server-Timing

Other

clientrtt; dur=22, clienttt; dur=36, origin; dur=9, cdntime; dur=27, wpo;dur=0,1s;dur=0

Timing-Allow-Origin

Other

*

X-Cdn-Ref

Other

83c2692d | 699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z | 2026-02-23T23:34:53

X-Ceto-Ref

Other

699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z

X-Msedge-Ref

Other

83c2692d | 699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z | 2026-02-23T23:34:53

X-Pcs-Ref

Other

TraceId:699ce41d3274473db2761b738965655d|UtcTimestamp:20260223233453|Tenant:ClusterFleetProdEUS2|RoleInstance:pagecompositionservice-78b974bc85-qf77m

X-Ua-Compatible

Other

IE=Edge;chrome=1

akamai-cache-status: NotCacheable from child
akamai-grn: 0.5453d117.1771889693.83c2692d
akamai-request-bc: [a=23.209.83.84,b=2210556205,c=g,n=US_IL_CHICAGO,o=20940],[c=c,n=US_VA_ASHBURN,o=20940],[a=45,c=o]
akamai-request-id: 83c2692d
akamai-server-ip: 23.209.83.84
date: Mon, 23 Feb 2026 23:34:53 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
nel-and-csp-report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}
server-timing: clientrtt; dur=22, clienttt; dur=36, origin; dur=9, cdntime; dur=27, wpo;dur=0,1s;dur=0
timing-allow-origin: *
x-cdn-ref: 83c2692d | 699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z | 2026-02-23T23:34:53
x-ceto-ref: 699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z
x-msedge-ref: 83c2692d | 699ce41d3274473db2761b738965655d|AFD:699ce41d3274473db2761b738965655d|2026-02-23T23:34:53.744Z | 2026-02-23T23:34:53
x-pcs-ref: TraceId:699ce41d3274473db2761b738965655d|UtcTimestamp:20260223233453|Tenant:ClusterFleetProdEUS2|RoleInstance:pagecompositionservice-78b974bc85-qf77m
x-ua-compatible: IE=Edge;chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance