HTTP Headers Analysis for https://testdrive.microsoftedge.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

base-uri; font-src; form-action; +12 more

base-uri 'none'; font-src 'self' data: https://*.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://assets.onestore.ms; form-action 'self' https://*.microsoft.com https://*.bing.com; frame-ancestors 'self' https://*.microsoft.com https://*.bing.com chrome-untrusted://dual-search; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://assets.onestore.ms; script-src 'nonce-8sevjDx7G7tTqxQ3fpRT2cpJ' 'strict-dynamic'; upgrade-insecure-requests; default-src 'self' https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://*.microsoft.com; require-trusted-types-for 'script'; connect-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.bing.com https://*.bing.net https://*.clarity.ms https://js.monitor.azure.com https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://consentreceiverfd-prod.azurefd.net https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.licdn.com/ https://boost.mediation.trafficmanager.net https://boost-client-czcnbahycxbnamaq.b01.azurefd.net https://*.adnxs.com https://app.adjust.com; frame-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.msn.com https://*.msn.cn https://*.bing.com https://www.youtube-nocookie.com https://microsoft-store-11800745.azurewebsites.net https://*.tiktok.com; media-src 'self' https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

camera=(self), display-capture=(), fullscreen=(self), geolocation=(), microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

Caching Headers

2 headers

Cache-Control

Caching

no-cache

Expires

Caching

Thu, 25 Dec 2025 06:23:06 GMT

Content Headers

2 headers

Content-Length

Content

96659

Content-Type

Content

text/html;charset=utf-8

Server Headers

0 headers

No server headers found

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

*

Cookies Headers

0 headers

No cookies headers found

Other Headers

8 headers

Akamai-Cache-Status

Other

Miss from child, Miss from parent

Akamai-Grn

Other

0.70c83017.1766643785.1c83c3d0

Date

Other

Thu, 25 Dec 2025 06:23:06 GMT

Origin-Agent-Cluster

Other

?1

X-Azure-Ref

Other

20251225T062305Z-16b669c9d88cdcqxhC1BL1vvyn0000000tq000000000e4q9

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

Recommendations

Enable compression (gzip/brotli) to improve performance