21 Headers

HTTP Security Headers

Header                     Status    Value
Strict-Transport-Security  Present   max-age=2592000
Content-Security-Policy    Missing   Not configured
X-Frame-Options            Missing   Not configured
X-Content-Type-Options     Good      nosniff
Referrer-Policy            Missing   Not configured
Permissions-Policy         Missing   Not configured

Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Header             Category     Value
Connection         Performance  close
Transfer-Encoding  Performance  chunked

Caching Headers

2 headers

Header         Category  Value
Cache-Control  Caching   no-cache, no-store
Pragma         Caching   no-cache

Content Headers

1 header

Header        Category  Value
Content-Type  Content   text/html; charset=utf-8

Server Headers

1 header

Header        Category  Value
X-Powered-By  Server    ASP.NET

CORS Headers

1 header

Header                         Category  Value
Access-Control-Expose-Headers  Cors      X-Ems-Correlationid,X-Ems-SessionId

Cookies Headers

1 header

Header      Category  Value
Set-Cookie  Cookies   ARRAffinitySameSite=ee597654a49037ec6f76821b6e227d281142d423b70db86385c20e8e0e585d64;Path=/;HttpOnly;SameSite=None;Secure;Domain=support.microsoft.com

Other Headers

11 headers

Header                               Category  Value
Content-Security-Policy-Report-Only  Other     base-uri 'none'; connect-src 'self' http://localhost:* https://*.azure.com https://*.azurewebsites.net https://*.cdn.office.net https://*.microsoft.com https://*.microsoftonline.com https://*.microsoftstore.com https://*.office.com https://*.officeapps.live.com https://*.omnichannelengagementhub.com https://*.skype.com https://*.xbox.com https://aka.ms https://alchemysage.azurefd.net https://amcdn.msftauth.net https://login.live.com https://mem.gfx.ms https://ocsdk-prod.azureedge.net https://translate.googleapis.com https://www.google-analytics.com ms-contact-support: ms-surface-app: ms-windows-store: ws://localhost:* wss://*.trouter.skype.com; default-src 'none'; font-src 'self' https://*.cdn.office.net https://*.microsoft.com https://*.s-microsoft.com https://*.sharepointonline.com https://ajax.aspnetcdn.com https://fonts.gstatic.com https://spoppe-b.azureedge.net https://support.content.office.net https://use.typekit.net; form-action 'self' https://*.azure.com https://*.microsoft.com data:; frame-ancestors 'self' https://*.office.com https://*.officeapps.live.com https://*.sharepoint.com https://*.sharepoint-df.com https://admin-ignite.microsoft.com https://admin-sdf.microsoft.com https://admin.microsoft.com https://df.excel.cloud.microsoft https://df.powerpoint.cloud.microsoft https://df.word.cloud.microsoft https://excel.cloud-dev.microsoft https://excel.cloud.microsoft https://onedrive.live.com https://outlook.live.com https://powerpoint.cloud-dev.microsoft https://powerpoint.cloud.microsoft https://support.microsoft.com https://support.office.live.com https://teams.microsoft.com https://word.cloud-dev.microsoft https://word.cloud.microsoft; frame-src 'self' https://*.microsoft.com https://*.omnichannelengagementhub.com https://*.prod.support.office.com https://*.support.office.com https://amcdn.msftauth.net https://login.live.com https://login.microsoftonline.com https://mem.gfx.ms https://support.office.com https://support-uat.microsoft.com; img-src 'self' blob: data: https://*.microsoft.com https://*.s-microsoft.com https://aadcdn.msftauth.net https://arc.msn.com https://c.bing.com https://cxcs.microsoft.net https://fonts.gstatic.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://logincdn.msftauth.net https://msegprdfuncblob.blob.core.windows.net https://musicart.xboxlive.com https://res.cdn.office.net https://res-1.cdn.office.net https://res.public.onecdn.static.microsoft https://support.content.office.net https://translate.google.com https://yastatic.net; media-src 'self' data: https://*.akamaized.net; object-src 'none'; report-uri /api/csp/report; script-src 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https:; worker-src 'self' blob:
Date                                 Other     Wed, 31 Dec 2025 19:48:57 GMT
Request-Context                      Other     appId=cid-v1:b8b1f729-292d-4d99-ae99-6e39faf60ad8
X-Azure-Ref                          Other     20251231T194857Z-17d86db7bdcz5d5hhC1BL10ts00000002p5g00000000c3cs
X-Buildversion                       Other     v20251210.1.official
X-Cache                              Other     CONFIG_NOCACHE
X-Ems-Correlationid                  Other     8f4261c3-6517-4dfa-b06b-c7663578e9f6
X-Ems-Csp-Header-Version             Other     5
X-Ems-Envname                        Other     emerald-prod-eus2
X-Ems-Instname                       Other     pd1sdwk000ZKX
X-Ems-Sessionid                      Other     8f4261c3-6517-4dfa-b06b-c7663578e9f6

Recommendations
  • Enable compression (gzip/brotli) to improve performance
  • Consider removing X-Powered-By header to hide server technology