Open
Cached
·
just now
15
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
base-uri; block-all-mixed-content; connect-src; +15 more
base-uri 'none';block-all-mixed-content;connect-src 'self' https://statics.teams.cdn.live.net login.microsoftonline.com teams.microsoft.com teams.live.com teams.events.data.microsoft.com browser.events.data.microsoft.com *.asm.skype.com c.bing.com *.clarity.ms config.teams.microsoft.com consentreceiverfd-prod.azurefd.net;default-src 'none';font-src static2.sharepointonline.com;form-action 'none';frame-ancestors 'self';frame-src 'self' login.microsoftonline.com login.live.com;img-src https://statics.teams.cdn.live.net 'self' teams.live.com;manifest-src 'none';media-src https://statics.teams.cdn.live.net;object-src 'none';require-trusted-types-for 'script';script-src 'report-sample' 'nonce-A/QGdzcRjAnmd2nqwxwiyQ==' https://statics.teams.cdn.live.net res.cdn.office.net 'self' wcpstatic.microsoft.com;style-src 'self' static2.sharepointonline.com 'unsafe-inline';trusted-types @msteams/gather @msteams/core-services-telemetry-worker#TelemetryWorker default dompurify;worker-src 'self';report-uri https://csp.microsoft.com/report/teams-web-r4?v=25111315546&env=life&exp=gather;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
close
Caching Headers
2 headers
Cache-Control
Caching
no-store, no-transform, must-revalidate, no-cache
Expires
Caching
Tue, 30 Dec 2025 09:40:07 GMT
Content Headers
2 headers
Content-Length
Content
53606
Content-Type
Content
text/html; charset=utf-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Wed, 31 Dec 2025 09:40:06 GMT
Requestid
Other
8c5ccff3b2a49d5d6cd649813b00bccb
Timing-Allow-Origin
Other
*
X-Cache
Other
CONFIG_NOCACHE
X-Msedge-Ref
Other
Ref A: 8892DFB0255F40D6978BD8C5CAC85516 Ref B: BL2EDGE2810 Ref C: 2025-12-31T09:40:07Z
X-Ring-Info
Other
web: general [assigned];
Recommendations
Enable compression (gzip/brotli) to improve performance