21
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; img-src; +13 more
default-src none;script-src https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://www.microsoft.com https://mwf-service.akamaized.net https://partnerresources.microsoft.com https://ajax.aspnetcdn.com https://az725175.vo.msecnd.net *.clarity.ms https://teams.microsoft.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://web.vortex.data.microsoft.com https://mem.gfx.ms https://wcpstatic.microsoft.com https://wcpstatic-int.microsoft.com https://browser.events.data.microsoft.com https://controls.account.microsoft.com:44308 https://amcdn.msftauth.net http://amcdn.msauth.net/ https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net https://graph.office.net 'unsafe-inline' 'unsafe-eval' https://fabricweb.azureedge.net;img-src https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://c1.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://c.bing.com https://img-prod-cms-rt-microsoft-com.akamaized.net *.clarity.ms https://devblogs.microsoft.com https://web.vortex.data.microsoft.com https://storage.live.com https://store-images.s-microsoft.com https://store-iamges.microsoft.com https://musicimage.xboxlive.com https://arc.msn.com https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net data: https://static2.sharepointonline.com *.cdn.office.net https://fabricweb.azureedge.net;style-src https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://partnerresources.microsoft.com https://www.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://mwf-service.akamaized.net https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net 
https://graph.office.net 'unsafe-inline' https://static2.sharepointonline.com *.cdn.office.net;style-src-elem https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://partnerresources.microsoft.com https://www.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://mwf-service.akamaized.net https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net https://graph.office.net 'unsafe-inline' https://static2.sharepointonline.com *.cdn.office.net;font-src https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://c.s-microsoft.com https://www.microsoft.com https://partnerresources.microsoft.com https://static2.sharepointonline.com https://spoprod-a.akamaihd.net https://res-1.cdn.office.net https://res.cdn.office.net https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net https://graph.office.net https://spoppe-b.azureedge.net https://login.windows.net *.cdn.office.net;connect-src https://dc.services.visualstudio.com https://browser.events.data.microsoft.com https://web.vortex.data.microsoft.com *.clarity.ms https://browser.pipe.aria.microsoft.com https://res.public.onecdn.static.microsoft https://res.df.onecdn.static.microsoft https://cdn.graph.office.net https://consentreceiverfd-prod.azurefd.net https://login.microsoftonline.com https://login.live.com https://www.microsoft.com https://statics.teams.microsoft.com https://controls.account.microsoft.com:44308 https://amcdn.msftauth.net http://amcdn.msauth.net/ https://mem.gfx.ms https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net https://api.github.com;form-action https://developer.microsoft.com/ https://codepen.io;frame-ancestors https://developer.microsoft.com;frame-src 
https://www.microsoft.com https://controls.account.microsoft-dev.com:44308 https://controls.account.microsoft.com:44308 https://login.microsoftonline.com https://login.live.com https://amcdn.msftauth.net http://amcdn.msauth.net/ https://mem.gfx.ms https://microsoft-onmicrosoft-com.access.mcas.ms/ https://developer.microsoft.com https://graphprodblobstorage.blob.core.windows.net;worker-src https://developer.microsoft.com data:;base-uri none;child-src data:;manifest-src ;media-src https://static2.sharepointonline.com *.cdn.office.net https://fabricweb.azureedge.net;object-src
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
3 headers
Cache-Control
Caching
public, max-age=3728, s-maxage=7200
Expires
Caching
Sat, 27 Dec 2025 18:40:31 GMT
Last-Modified
Caching
Sat, 27 Dec 2025 16:40:31 GMT
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
4 headers
Server
Server
Microsoft-IIS/10.0
X-Aspnet-Version
Server
4.0.30319
X-Aspnetmvc-Version
Server
5.2
X-Powered-By
Server
ASP.NET
CORS Headers
0 headers
No CORS headers found
Cookie Headers
0 headers
No cookie headers found
Other Headers
7 headers
Akamai-Cache-Status
Other
Miss from child, Hit from parent
Akamai-Grn
Other
0.70c83017.1766857103.269d91ec
Content-Security-Policy-Report-Only
Other
object-src 'none';script-src 'nonce-nonce-m365devportals' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;base-uri 'none';trusted-types default 1DSScriptURL MeControlScriptURL goog#html dompurify editorViewLayer domLineBreaksComputer tokenizeToString editorGhostText defaultWorkerFactory standaloneColorizer diffReview diffEditorWidget adaptivecards#deprecatedExportedFunctionPolicy adaptivecards#markdownPassthroughPolicy adaptivecards#restoreContentsPolicy;require-trusted-types-for 'script';report-uri https://csp.microsoft.com/report/M365DeveloperPortals-PROD
Date
Other
Sat, 27 Dec 2025 17:38:23 GMT
Ms-Correlationid
Other
00000000-5253-4154-a87e-3528b54fb620
X-Akamai-Transformed
Other
9 15923 0 pmb=mRUM,1
X-Session-Id
Other
f455c779-d212-4b0f-b673-4ccaf277dac1
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology
Analysis completed in 492ms