Open
Cached
·
just now
16
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
img-src; frame-src; font-src; +4 more
img-src 'self' 'self' data: blob: cdn.cloudappsecurity.com cloudappsecurity-rs.azureedge.net cdn.rscloudappsecurity.com cdn-discovery.rscloudappsecurity.com cdn-discovery.cloudappsecurity.com adaprodconsole.blob.core.windows.net prod03use2console1.blob.core.windows.net prod5usw2console1.blob.core.windows.net prod02euwconsole1.blob.core.windows.net prod4uksconsole1.blob.core.windows.net prod1uswportalreportxpfr.blob.core.windows.net prod2euwportalreportxwsf.blob.core.windows.net prod3use2portalreporxaly.blob.core.windows.net prod4uksportalreportxdid.blob.core.windows.net prod5usw2portalreporxmrg.blob.core.windows.net *.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com *.eu2.portal.cloudappsecurity.com *.us3.portal.cloudappsecurity.com; frame-src 'self' *.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com *.eu2.portal.cloudappsecurity.com *.us3.portal.cloudappsecurity.com; font-src 'self' *.s-microsoft.com c.s-microsoft.com flow.microsoft.com data: cdn.cloudappsecurity.com cloudappsecurity-rs.azureedge.net cdn.rscloudappsecurity.com static2.sharepointonline.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' dev.virtualearth.net cdn.cloudappsecurity.com cloudappsecurity-rs.azureedge.net cdn.rscloudappsecurity.com prodportalmfcdndfl.azureedge.net *.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com *.eu2.portal.cloudappsecurity.com *.us3.portal.cloudappsecurity.com; default-src 'self'; style-src 'self' 'unsafe-inline' *.s-microsoft.com cdn.cloudappsecurity.com cloudappsecurity-rs.azureedge.net cdn.rscloudappsecurity.com prodportalmfcdndfl.azureedge.net; connect-src 'self' dc.services.visualstudio.com dev.virtualearth.net cdn.cloudappsecurity.com cloudappsecurity-rs.azureedge.net cdn.rscloudappsecurity.com adaprodconsole.blob.core.windows.net prod03use2console1.blob.core.windows.net prod5usw2console1.blob.core.windows.net prod02euwconsole1.blob.core.windows.net prod4uksconsole1.blob.core.windows.net prod1uswportalreportxpfr.blob.core.windows.net prod2euwportalreportxwsf.blob.core.windows.net prod3use2portalreporxaly.blob.core.windows.net prod4uksportalreportxdid.blob.core.windows.net prod5usw2portalreporxmrg.blob.core.windows.net *.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com *.eu2.portal.cloudappsecurity.com *.us3.portal.cloudappsecurity.com
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Origin
Caching Headers
1 headers
Cache-Control
Caching
no-cache, no-store
Content Headers
2 headers
Content-Length
Content
4641
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
casFlow=0a00aee6ef8a11f0b234000d3a06c85d; Domain=.portal.cloudappsecurity.com; Path=/; Secure
Other Headers
4 headers
Date
Other
Mon, 12 Jan 2026 07:40:55 GMT
Request_id
Other
2ee8442d-bf92-4403-9182-be9dd50a7400
X-Azure-Ref
Other
20260112T074055Z-17b7f96fb7c8hzgzhC1BL1dhr800000003fg00000000326z
X-Cache
Other
CONFIG_NOCACHE
Recommendations
Enable compression (gzip/brotli) to improve performance