HTTP Headers Analysis for https://ieonline.microsoft.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

script-src; base-uri Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

unload=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

private

cache-control: private

Content Headers

Content-Length

Content

170278

Content-Type

Content

text/html; charset=utf-8

content-length: 170278
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: MUID=0944A5F81B2563F53862B2FE1AAE6276; domain=.microsoft.com; expires=Wed, 17-Mar-2027 21:35:37 GMT; path=/; secure; SameSite=None
MUIDB=0944A5F81B2563F53862B2FE1AAE6276; expires=Wed, 17-Mar-2027 21:35:37 GMT; path=/; HttpOnly
_EDGE_S=F=1&SID=3A9D5325CE0B68B329544423CF80697A; domain=.microsoft.com; path=/; HttpOnly
_EDGE_V=1; domain=.microsoft.com; expires=Wed, 17-Mar-2027 21:35:37 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.microsoft.com; expires=Sun, 20-Feb-2028 21:35:37 GMT; path=/
SRCHUID=V=2&GUID=AC71136707EC4DABA0A4263E7731DC6C&dmnchg=1; domain=.microsoft.com; expires=Sun, 20-Feb-2028 21:35:37 GMT; path=/
SRCHUSR=DOB=20260220; domain=.microsoft.com; expires=Sun, 20-Feb-2028 21:35:37 GMT; path=/
SRCHHPGUSR=SRCHLANG=en; domain=.microsoft.com; expires=Sun, 20-Feb-2028 21:35:37 GMT; path=/
_SS=SID=3A9D5325CE0B68B329544423CF80697A; domain=.microsoft.com; path=/

Other Headers

Accept-Ch

Other

Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

Alt-Svc

Other

h3=":443"; ma=3600

Date

Other

Fri, 20 Feb 2026 21:35:36 GMT

P3p

Other

CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"

Useragentreductionoptout

Other

A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=

X-Cache

Other

CONFIG_NOCACHE

X-Error-Page

Other

404-custom

X-Eventid

Other

6998d3a9cef74ebd9bc134b132b2a62a

X-Msedge-Ref

Other

Ref A: 929AA219D4664940AC4D13681E198172 Ref B: MNZ221060608021 Ref C: 2026-02-20T21:35:37Z

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=3600
date: Fri, 20 Feb 2026 21:35:36 GMT
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
x-error-page: 404-custom
x-eventid: 6998d3a9cef74ebd9bc134b132b2a62a
x-msedge-ref: Ref A: 929AA219D4664940AC4D13681E198172 Ref B: MNZ221060608021 Ref C: 2026-02-20T21:35:37Z

Recommendations

Enable compression (gzip/brotli) to improve performance