Open
Cached
·
4h ago
14
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Strong
default-src; base-uri; script-src; +14 more
default-src 'none'; base-uri 'self'; script-src 'self' 'report-sample' 'nonce-sHIV4C9hwZQ+TBVHxSwtkw==' https://educdnprod.azureedge.net https://graph.microsoft.com https://res-1.cdn.office.net https://js.monitor.azure.com https://r4.res.office365.com https://amcdn.msauth.net https://amcdn.msftauth.net https://shell.cdn.office.net https://webshell.suite.office.com https://outlook.office.com https://web.vortex.data.microsoft.com; style-src 'self' 'report-sample' 'nonce-sHIV4C9hwZQ+TBVHxSwtkw==' 'sha256-WnYlf4sptvofAmLuSzc4I5AoL2p0tgh3zAhcB9i4jik=' 'sha256-JaeWdynp34yZFItR6NRzqQlLrmBPQ+OifbVpZ1yNVXg=' 'sha256-78mlrqYIBBCiN+RpcokpLFXVubwiyrzodb8eMOSQ4/c=' 'sha256-lRPq5UzwtkX96GmKv3caLPlHbEwm5fkIYZd2uJ5atTI=' 'sha256-XLNjfATk1/ozw+KgbXkG6BpZRxgXtF8vDBhNFLj/yBY=' 'sha256-2WQamnEPh84sQbUASktVCzKkl3Kf/KoGPTCDJ6qraUg=' 'sha256-7t4hvFH6TkqUWfUY0WRTP0kxg5g4L5vtrdGLJir+3e4=' 'sha256-JCyahuSyXGrkupW8aE+WS0CeZJR8EXOxAduAFkY4HPQ=' 'sha256-pYqPpWQ1wHqmCoi74xGAT/ALP85EZ9Sq0sjiIOYX1wo=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-6eFVy/MgSOeHXEcsmQK8CXKSktICgwSkQL8tmiQkgvc=' https://educdnprod.azureedge.net https://www.microsoft.com https://shell.cdn.office.net https://res-1.cdn.office.net; font-src 'self' data: https://www.microsoft.com https://c.s-microsoft.com https://res.cdn.office.net https://res-1.cdn.office.net; img-src 'self' data: https://educdnprod.azureedge.net https://ow1.res.office365.com https://outlook.office.com https://shell.cdn.office.net https://res-1.cdn.office.net https://outlook.cloud.microsoft https://res.cdn.office.net; connect-src blob: 'self' https://res.cdn.office.net https://outlook.live.com https://graph.microsoft.com https://*.sds.microsoft.com https://sds.microsoft.com https://*.sds.edu.cloud.dev.microsoft https://r4.res.office365.com https://educdnprod.azureedge.net https://eduarprsprodwus2uplstore.dfs.core.windows.net https://eduarprsprodweuuplstore.dfs.core.windows.net https://eduarprsprodwus2uplstore.blob.core.windows.net https://eduarprsprodweuuplstore.blob.core.windows.net https://config.edge.skype.com https://ecs.office.com https://browser.pipe.aria.microsoft.com https://*.events.data.microsoft.com https://*.fp.measure.office.com https://uhf.microsoft.com https://res-1.cdn.office.net https://*.office.com https://shell.cdn.office.net https://login.microsoftonline.com https://pp1.prd.attend.teams.microsoft.com https://*.officeapps.live.com https://outlook.office365.com https://m365.cloud.microsoft https://*.config.skype.com; media-src https://educdnprod.azureedge.net; form-action 'none'; frame-src https://support.office.com https://webshell.suite.office.com https://shell.cdn.office.net https://amcdn.msftauth.net https://outlook.office.com; worker-src 'none'; object-src 'none'; manifest-src 'self' https://educdnprod.azureedge.net; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.microsoft.com/report/SchoolDataSync-PROD;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
3 headers
Cache-Control
Caching
no-store, no-cache, must-revalidate, max-age=0
Expires
Caching
0
Pragma
Caching
no-cache
Content Headers
2 headers
Content-Length
Content
4020
Content-Type
Content
text/html
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
ASLBSACORS=0003147a8a0bf4af397446e22dbb8d480aceda1a3c88041199e2412761ffed3926fe; SameSite=none; Path=/; Secure; HttpOnly;
Other Headers
4 headers
Date
Other
Mon, 29 Dec 2025 14:17:06 GMT
X-Azure-Ref
Other
20251229T141705Z-16cb8b7df7f984nshC1BL1bprg000000072g000000002207
X-Cache
Other
CONFIG_NOCACHE
X-Classroom-Correlation-Id
Other
1a7f6fe4-6079-416b-9379-e6604b0824e8
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1ms