HTTP Headers Analysis for https://static.forms.office.com

Detected Technologies from Headers

See all in URL Inspect 1

Microsoft 365

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains

Content-Security-Policy

Basic

object-src; script-src; base-uri; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

connection: close
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: FormsWebSessionId=e7a50895-f261-46ff-8412-10b0d91eff23; max-age=2592000; path=/; secure; samesite=none; httponly

Other Headers

Date

Other

Sun, 12 Apr 2026 10:12:08 GMT

Link

Other

URL

https://forms.office.com/cdn

rel=preconnect crossorigin=anonymous

Report-To

Other

Group endpoint-1 max-age: 3y

Endpoint 1 https://csp.microsoft.com/report/Forms-PROD

X-Correlationid

Other

f392c809-97d7-448d-8606-3138b615dffb

X-Officecluster

Other

wus-100.forms.office.com

X-Officefe

Other

FormsSingleBox_IN_1

X-Officeversion

Other

16.0.20009.42500

X-Routingcorrelationid

Other

f392c809-97d7-448d-8606-3138b615dffb

X-Routingofficecluster

Other

wus-100.forms.office.com

X-Routingofficefe

Other

FormsSingleBox_IN_1

X-Routingofficeversion

Other

16.0.20009.42500

X-Routingsessionid

Other

60303fac-bae4-4a36-9638-c30e3813735c

X-Usersessionid

Other

60303fac-bae4-4a36-9638-c30e3813735c

date: Sun, 12 Apr 2026 10:12:08 GMT
link: <https://forms.office.com/cdn>; rel=preconnect; crossorigin=anonymous
report-to: { "group": "endpoint-1", "max_age": 108864000, "endpoints": [ { "url": "https://csp.microsoft.com/report/Forms-PROD" }] }
x-correlationid: f392c809-97d7-448d-8606-3138b615dffb
x-officecluster: wus-100.forms.office.com
x-officefe: FormsSingleBox_IN_1
x-officeversion: 16.0.20009.42500
x-routingcorrelationid: f392c809-97d7-448d-8606-3138b615dffb
x-routingofficecluster: wus-100.forms.office.com
x-routingofficefe: FormsSingleBox_IN_1
x-routingofficeversion: 16.0.20009.42500
x-routingsessionid: 60303fac-bae4-4a36-9638-c30e3813735c
x-usersessionid: 60303fac-bae4-4a36-9638-c30e3813735c

Recommendations

Enable compression (gzip/brotli) to improve performance