Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri; default-src; media-src; +14 more
base-uri 'none'; default-src 'none'; media-src data: blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.azure.com https://cdn.deno.land https://unpkg.com https://ajax.googleapis.com https://statics.teams.microsoft.com https://secure.aadcdn.microsoftonline-p.com https://web.vortex.data.microsoft.com https://wcpstatic.microsoft.com https://consentreceiverfd-prod.azurefd.net https://shellprod.msocdn.com https://webshell.suite.office.com https://shell.cdn.office.net https://webshell.suite.officeppe.com https://shellppe.msocdn.com https://shellppe.cdn.office.net https://outlook.office365.com/ https://amcdn.msauth.net https://amcdn.msftauth.net https://atm-fp-direct.office.com https://a-ring.msedge.net https://b-ring.msedge.net https://k-ring.msedge.net https://s-ring.msedge.net https://ow1.res.office365.com https://afd-a-acdc-direct.office.com https://afd-k-acdc-direct.office.com https://acdc-direct.office.com https://gtm-dyn-direct.office365.com https://outlook.office.com https://outlook.live.com https://substrate.office.com https://r4.res.office365.com https://wusprodprv.msocdn.com https://scuprodprv.msocdn.com https://prod.msocdn.com https://*.cdn.office.net https://portal-sdf.office.com https://portal.officeppe.com https://portal.office.com; style-src 'self' 'report-sample' 'unsafe-inline' https://static2.sharepointonline.com https://shellprod.msocdn.com https://shell.cdn.office.net; img-src 'self' https://login.live.com https://storage.live.com https://webshell.suite.office.com https://res-1.cdn.office.net https://web.vortex.data.microsoft.com data: blob: https://outlook.office365.com https://shellprod.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://ow1.res.office365.com *.office365.com *.wvdselfhost.microsoft.com *.wvd.microsoft.com; connect-src 'self' https://officeclient.microsoft.com/ https://alchemysage.azurefd.net https://odc.officeapps.live.com/ https://config.edge.skype.com/ https://oness.microsoft.com https://onessppe.microsoft.com https://graph.microsoft.com/ https://graph.microsoft.us/ https://canary.graph.microsoft.com/ https://*.servicebus.windows.net https://*.cdn.office.net/ https://*.servicebus.usgovcloudapi.net https://*.servicebus.chinacloudapi.cn *.wvd.azure.us wss://*.wvd.azure.us https://tb.pipe.aria.microsoft.com https://config.ecs.gov.teams.microsoft.us https://petrol-int.office.microsoft.com/ https://petrol.office.microsoft.com/ https://waconafd.officeapps.live.com/ https://config.teams.microsoft.com *.events.data.microsoft.com https://web.vortex.data.microsoft.com shellprod.msocdn.com shellppe.msocdn.com *.office.com *.officeppe.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://login.microsoftonline.com https://login.microsoftonline.us https://browser.pipe.aria.microsoft.com https://waconatm.officeapps.live.com https://outlook.office365.com *.wvdselfhost.microsoft.com *.wvd.microsoft.com wss://*.wvdselfhost.microsoft.com wss://*.wvd.microsoft.com https://admin-ignite.microsoft.com https://admin-sdf.microsoft.com https://admin.microsoft.com https://sip.clients.config.office.net/user/v1.0/web/policies https://clients.config.office.net/user/v1.0/web/policies *.cloud.microsoft *.microsoft.com; font-src 'self' https://static2.sharepointonline.com https://spoprod-a.akamaihd.net https://*.cdn.office.net data:; frame-src 'self' https://*.access.mcas.ms/ https://*.access.mcas-gov.ms/ https://*.access.mcas-gov.us/ https://support.microsoft.com/ https://amcdn.msftauth.net https://customervoice.microsoft.com/ https://shellprod.msocdn.com https://webshell.suite.office.com https://webshell.suite.officeppe.com https://login.microsoftonline.com https://login.microsoftonline.us https://outlook.office.com https://outlook.office365.us/ https://eu-mobile.events.data.microsoft.com https://browser.events.data.microsoft.com https://webshell.suite.office365.us/ *.sharepoint.com/ https://www.yammer.com/; child-src 'self' https://shellprod.msocdn.com https://webshell.suite.office.com https://webshell.suite.officeppe.com; worker-src 'self'; form-action 'none'; object-src 'self'; block-all-mixed-content; manifest-src 'self'; report-uri https://edge.skype.net/r/c;frame-ancestors 'self';
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
3 headers
Cache-Control
Caching
no-store
Etag
Caching
0x8DE588E084F1BF5
Last-Modified
Caching
Wed, 21 Jan 2026 01:40:18 GMT
Content Headers
2 headers
Content-Length
Content
1631
Content-Type
Content
text/html
Server Headers
1 headers
X-Powered-By
Server
ASP.NET
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
10 headers
Date
Other
Wed, 04 Feb 2026 21:27:24 GMT
X-Azure-Ref
Other
20260204T212724Z-r1d65bb46d4qtwn6hC1BL1ex8800000001v0000000005we4
X-Cache
Other
CONFIG_NOCACHE
X-Ms-Blob-Type
Other
BlockBlob
X-Ms-Correlation-Id
Other
b544067c-f058-4081-a3e6-60894b191db8
X-Ms-Lamport-Ts
Other
11081337460
X-Ms-Lease-Status
Other
unlocked
X-Ms-Request-Id
Other
8db48387-a01e-006f-3339-955d32000000
X-Ms-Version
Other
2009-09-19
X-Ms-Wvd-Service-Region
Other
EUS
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology