Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; media-src; object-src; +7 more
base-uri 'self'; media-src 'none'; object-src 'self'; worker-src data: blob: 'self'; manifest-src 'self'; child-src 'self' blob: ms-powerautomateregapp: ms-powerautomate: ms-powerautomatedesigner: https://make.powerapps.com https://webshell.suite.office.com https://microsoft-onmicrosoft-com https://*.access.mcas.ms https://*.microsoft.com/ https://login.microsoftonline.com https://amcdn.msftauth.net https://outlook.office.com https://*.ces.microsoftcloud.com https://*.powerbi.com https://dogfoodartifacts.azureedge.net https://*.powerplatformusercontent.com https://bapfeblobprodsy.blob.core.windows.net https://bapfeblobprodml.blob.core.windows.net https://bapfeblobprodcq.blob.core.windows.net https://bapfeblobprodrio.blob.core.windows.net https://bapfeblobprodyt.blob.core.windows.net https://bapfeblobprodyq.blob.core.windows.net https://bapfeblobprodpn.blob.core.windows.net https://bapfeblobprodhk.blob.core.windows.net https://bapfeblobprodbl.blob.core.windows.net https://bapfeblobprodpa.blob.core.windows.net https://bapfeblobprodmr.blob.core.windows.net https://bapfeblobprodfra.blob.core.windows.net https://bapfeblobprodber.blob.core.windows.net https://bapfeblobprodkw.blob.core.windows.net https://bapfeblobprodos.blob.core.windows.net https://bapfeblobproddb.blob.core.windows.net https://bapfeblobprodjnb.blob.core.windows.net https://bapfeblobprodcpt.blob.core.windows.net https://bapfeblobprodsg.blob.core.windows.net https://bapfeblobprodma.blob.core.windows.net https://bapfeblobproddxb.blob.core.windows.net https://bapfeblobprodauh.blob.core.windows.net https://bapfeblobprodln.blob.core.windows.net https://bapfeblobprodcw.blob.core.windows.net https://bapfeblobprodam.blob.core.windows.net https://bapfeblobprodby.blob.core.windows.net https://bapfeblobprodzrh.blob.core.windows.net https://bapfeblobprodgva.blob.core.windows.net https://bapfeblobprodeno.blob.core.windows.net https://bapfeblobprodwno.blob.core.windows.net https://bapfeblobprodsgp.blob.core.windows.net https://bapfeblobprodskr.blob.core.windows.net https://bapfeblobprodckr.blob.core.windows.net https://bapfeblobprodcse.blob.core.windows.net https://az818438.vo.msecnd.net https://d365integstorageprodckr.blob.core.windows.net https://d365integstorageprodsg.blob.core.windows.net https://d365integstorageprodeno.blob.core.windows.net https://d365integstorageprodza.blob.core.windows.net https://d365integstorageprodcfr.blob.core.windows.net https://d365integstorageprodwcde.blob.core.windows.net https://d365integstorageprodnae.blob.core.windows.net https://d365integstorageprodsn.blob.core.windows.net https://d365integstorageprodci.blob.core.windows.net https://d365integstorageprodbs.blob.core.windows.net https://d365integstorageprodcae.blob.core.windows.net https://d365integstorageprodje.blob.core.windows.net https://d365integstorageproduks.blob.core.windows.net https://d365integstorageprodase.blob.core.windows.net https://d365integstorageprodea.blob.core.windows.net https://d365integstorageprodwe.blob.core.windows.net https://d365integstorageprodwus2.blob.core.windows.net; font-src 'self' data: https://content.powerapps.com https://static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://content.powerapps.com https://static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' https://content.powerapps.com https://static.powerapps.com https://*.cdn.office.net https://wcpstatic.microsoft.com https://*.msftauth.net https://*.res.office365.com https://*.monitor.azure.com https://*.flow.microsoft.com https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net https://appsforoffice.microsoft.com https://cdn.jsdelivr.net/npm/[email protected] 'sha256-5Ak7SFUphPwGgLz3V4Xelf0S0V5wEVMm1N8v9fI2/lw=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-pecrnaAxGZ2wjZgJTkmX2HrtPgExtWD83KkYoPL1CuY=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no-store, must-revalidate, no-cache
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
7959
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
12 headers
Content-Security-Policy-Report-Only
Other
base-uri 'self'; media-src 'none'; object-src 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' blob: https://wcpstatic.microsoft.com https://shell.cdn.office.net https://res.cdn.office.net https://r4.res.office365.com https://amcdn.msftauth.net https://js.monitor.azure.com https://vsa.services.microsoft.com https://api.flow.microsoft.com https://content.powerapps.com 'sha256-CnzmUY9XDWPjkAgzDPEHLlm4gygKztleRupzQDsr608=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-+2jm5SNRB4WubmMQDChnXjseeCIhj34lMFWKhVn1qBE=' 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk=' 'sha256-5Ak7SFUphPwGgLz3V4Xelf0S0V5wEVMm1N8v9fI2/lw=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-pecrnaAxGZ2wjZgJTkmX2HrtPgExtWD83KkYoPL1CuY=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; form-action 'self'; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;
Date
Other
Thu, 25 Dec 2025 22:35:09 GMT
Link
Other
<https://content.powerapps.com>; rel="preconnect"
Server-Timing
Other
x-ms-igw-upstream-headers;dur=1.9,x-ms-igw-req-overhead;dur=0.1
X-Azure-Ref
Other
20251225T223509Z-16cb8b7df7fpjlfzhC1BL16ed800000004cg0000000091na
X-Cache
Other
CONFIG_NOCACHE
X-Ms-Activity-Vector
Other
00.00.00
X-Ms-Correlation-Id
Other
896533ee-3e2e-4d6f-a3ef-b0e85def76da
X-Ms-Igw-Tracking-Id
Other
4862d5b7-bedb-42a9-8ea4-73e18079490420251225223509_prdcm001eusgb0_2
X-Ms-Islandgateway
Other
_prdcm001eusgb0_2
X-Ms-Service-Request-Id
Other
4862d5b7-bedb-42a9-8ea4-73e180794904
X-Servicefabric
Other
NoRetry
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 200ms