Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; object-src; worker-src; +7 more
base-uri 'self'; object-src 'self'; worker-src data: blob: 'self'; media-src 'none'; manifest-src 'self'; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; child-src 'self' blob: ms-powerautomateregapp: ms-powerautomate: ms-powerautomatedesigner: https://make.preview.powerapps.com https://webshell.suite.office.com https://microsoft-onmicrosoft-com https://*.access.mcas.ms https://*.microsoft.com/ https://login.microsoftonline.com https://amcdn.msftauth.net https://outlook.office.com https://*.ces.microsoftcloud.com https://*.powerbi.com https://dogfoodartifacts.azureedge.net https://*.powerplatformusercontent.com https://bapfeblobprodsy.blob.core.windows.net https://bapfeblobprodml.blob.core.windows.net https://bapfeblobprodcq.blob.core.windows.net https://bapfeblobprodrio.blob.core.windows.net https://bapfeblobprodyt.blob.core.windows.net https://bapfeblobprodyq.blob.core.windows.net https://bapfeblobprodpn.blob.core.windows.net https://bapfeblobprodhk.blob.core.windows.net https://bapfeblobprodbl.blob.core.windows.net https://bapfeblobprodpa.blob.core.windows.net https://bapfeblobprodmr.blob.core.windows.net https://bapfeblobprodfra.blob.core.windows.net https://bapfeblobprodber.blob.core.windows.net https://bapfeblobprodkw.blob.core.windows.net https://bapfeblobprodos.blob.core.windows.net https://bapfeblobproddb.blob.core.windows.net https://bapfeblobprodjnb.blob.core.windows.net https://bapfeblobprodcpt.blob.core.windows.net https://bapfeblobprodsg.blob.core.windows.net https://bapfeblobprodma.blob.core.windows.net https://bapfeblobproddxb.blob.core.windows.net https://bapfeblobprodauh.blob.core.windows.net https://bapfeblobprodln.blob.core.windows.net https://bapfeblobprodcw.blob.core.windows.net https://bapfeblobprodam.blob.core.windows.net https://bapfeblobprodby.blob.core.windows.net https://bapfeblobprodzrh.blob.core.windows.net https://bapfeblobprodgva.blob.core.windows.net https://bapfeblobprodeno.blob.core.windows.net https://bapfeblobprodwno.blob.core.windows.net https://bapfeblobprodsgp.blob.core.windows.net https://bapfeblobprodskr.blob.core.windows.net https://bapfeblobprodckr.blob.core.windows.net https://bapfeblobprodcse.blob.core.windows.net https://bapfeblobprodcy.blob.core.windows.net https://bapfeblobprodmw.blob.core.windows.net https://az818438.vo.msecnd.net https://d365integstorageprodwus2.blob.core.windows.net; script-src 'self' 'wasm-unsafe-eval' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://wcpstatic.microsoft.com https://*.msftauth.net https://*.res.office365.com https://*.monitor.azure.com https://*.flow.microsoft.com https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net https://appsforoffice.microsoft.com https://cdn.jsdelivr.net/npm/[email protected] 'sha256-aDYDJMs2L60KstiJMulwQzpZ15AAu5ZD7QWUvlpD1M8=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-0u+3R0XRUEg9t5BhV8WRPJTMKrj6MUghmqlJzU/MnzM=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no-store, must-revalidate, no-cache
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
8010
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
12 headers
Content-Security-Policy-Report-Only
Other
base-uri 'self'; media-src 'none'; object-src 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' blob: https://wcpstatic.microsoft.com https://shell.cdn.office.net https://res.cdn.office.net https://r4.res.office365.com https://amcdn.msftauth.net https://js.monitor.azure.com https://vsa.services.microsoft.com https://api.flow.microsoft.com https://preview.content.powerapps.com 'sha256-CnzmUY9XDWPjkAgzDPEHLlm4gygKztleRupzQDsr608=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-+2jm5SNRB4WubmMQDChnXjseeCIhj34lMFWKhVn1qBE=' 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk=' 'sha256-aDYDJMs2L60KstiJMulwQzpZ15AAu5ZD7QWUvlpD1M8=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-0u+3R0XRUEg9t5BhV8WRPJTMKrj6MUghmqlJzU/MnzM=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; form-action 'self'; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;
Date
Other
Tue, 30 Dec 2025 15:18:56 GMT
Link
Other
<https://preview.content.powerapps.com>; rel="preconnect"
Server-Timing
Other
x-ms-igw-upstream-headers;dur=2.3,x-ms-igw-req-overhead;dur=0.1
X-Azure-Ref
Other
20251230T151856Z-16cb8b7df7fh68h4hC1BL1m0k40000000ewg00000000f90e
X-Cache
Other
CONFIG_NOCACHE
X-Ms-Activity-Vector
Other
00.00.00
X-Ms-Correlation-Id
Other
6fe65a93-2e69-4310-a516-c2236dbab421
X-Ms-Igw-Tracking-Id
Other
6bc2ad9d-e44e-4119-bfec-663377b788ed20251230151856_prdcm301eusgb0_0
X-Ms-Islandgateway
Other
_prdcm301eusgb0_0
X-Ms-Service-Request-Id
Other
6bc2ad9d-e44e-4119-bfec-663377b788ed
X-Servicefabric
Other
NoRetry
Recommendations
Enable compression (gzip/brotli) to improve performance