| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Cache-Control | no-cache |
| Server | Microsoft-HTTPAPI/2.0 |
| Cross-Origin-Opener-Policy | same-origin-allow-popups |
| Link | <https://res.public.onecdn.static.microsoft/>; rel="preconnect" |
| X-Client-Version | 20250411007.06 |
| Content-Security-Policy | default-src *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft swx.cdn.skype.com 'self'; script-src 'nonce-Gul1Gm2YcIomwxUEtxaHPw==' *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft wss://*.delve.office.com:443 shellprod.msocdn.com amcdn.msauth.net amcdn.msftauth.net *.bing.com *.skype.com *.skypeassets.com *.delve.office.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft static.teams.microsoft.com teams.microsoft.com cdn.forms.office.net blob: 'report-sample' 'self' 'wasm-unsafe-eval' acdn.adnxs.com cdn.adnxs.com; style-src *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft shellprod.msocdn.com *.skype.com 'self' 'report-sample' 'unsafe-inline' *.engage.cloud.microsoft 'unsafe-inline'; img-src * data: blob: filesystem: cid:; connect-src blob: data: *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.services.web.outlook.com login.live.com login.microsoftonline.com spoprod-a.akamaihd.net shellprod.msocdn.com *.bing.com *.office.net *.office.com *.office365.com *.officeapps.live.com *.skype.com *.skypeassets.com *.spoppe.com *.onedrive.com my.microsoftpersonalcontent.com browser.pipe.aria.microsoft.com *.gateway.messenger.live.com dev.virtualearth.net *.trouter.skype.com *.trouter.io wss://*.trouter.skype.com wss://*.trouter.skype.com:443 wss://*.trouter.io:443 media.licdn.com *.facebook.com onerm.olsvc.com *.qas.binginternal.com *.qas.bing.net wss://*.qas.bing.net:443 wss://*.platform.bing.com wss://*.botframework.com:443 wss://augloop.office.com wss://*.augloop.office.com outlook.live.com graph.microsoft.com *.graph.microsoft.com *.office.microsoft.com api.box.com api.dropboxapi.com *.users.storage.live.com www.onenote.com *.storage.msn.com wss://*.pushd.svc.ms wss://*.pushs.svc.ms wss://*.pushb.svc.ms wss://*.pushp.svc.ms wss://*.svc.ms nleditor.osi.officeppe.net pptservicescast.officeapps.live.com *.sharepoint-df.com *.sharepoint.com wss://*.delve.office.com:443 wss://*.loki.delve.office.com:443 wss://*.loki.delve.office.com *.delve.office.com *.loki.delve.office.com web.vortex.data.microsoft.com *.events.data.microsoft.com *.online.lync.com *.infra.lync.com wss://*.cortana.ai *.cortana.ai fs.microsoft.com newspro.microsoft.com 'self' attachment.outlook.live.net *.adnxs.com api.taboola.com api.msn.com ris.api.iris.microsoft.com srtb.msn.com *.engage.cloud.microsoft wss://augloop-dogfood.officeppe.com wss://*.augloop-dogfood.officeppe.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com wss://augloop.office.com wss://*.augloop.office.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft aesir.office.com *.oscs.protection.outlook.com *.safelinks.protection.outlook.com arc.msn.com *.dynamics.com *.mos.microsoft.com ris.api.iris.microsoft.com services.bingapis.com prod-autodetect.outlookmobile.com *.googleapis.com admin.microsoft.com admin.microsoft.com *.bpa.microsoft.com teams.cloud.microsoft api.tenor.com attachment.outlook.live.net *.msedge.net app.whiteboard.microsoft.com whiteboard.office.com whiteboard.cloud.microsoft outlook.cloud.microsoft identity.osi.office.net wss://substrate.office.com *.adnxs.com wss://*.trouter.teams.microsoft.com api.flow.microsoft.com *.sharepoint.de; base-uri browser.pipe.aria.microsoft.com 'self'; form-action *.officeapps.live.com *.sharepoint-df.com *.sharepoint.com *.odwebp.svc.ms login.microsoftonline.com login.live.com *.sharepoint.de login.live.com; object-src *.office.net 'self' attachments.office.net attachment.outlook.live.net attachment.outlook.live.net; frame-ancestors 'self' teams.microsoft.com ; font-src data: *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft spoprod-a.akamaihd.net *.skype.com ms-appx-web: sharepointonline.com *.sharepointonline.com *.delve.office.com fs.microsoft.com 'self' *.engage.cloud.microsoft; media-src blob: data: *.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.sharepoint-df.com *.skype.com *.office.net *.office365.net *.office365-net.us *.office.com 'self' attachment.outlook.live.net *.adnxs.com *.engage.cloud.microsoft attachments.office.net attachment.outlook.live.net *.sharepoint.com *.sharepoint.de; frame-src * data: mailto:; manifest-src 'self'; worker-src 'self' blob: *.office.com; child-src 'self' blob: *.office.com; report-uri https://csp.microsoft.com/report/OutlookWeb-Mail-PROD; upgrade-insecure-requests; |
| X-Backendhttpstatus | 200,200 |
| Origin-Trial | Apss6avQMrDIaTfgtZghJaQJ5VC/PhuSEosafJ3+aDW1VPwBTFN43bgy2UNZLHt2hChKB1jWn+sAk2g6a9Svaw0AAABteyJvcmlnaW4iOiJodHRwczovL2xpdmUuY29tOjQ0MyIsImZlYXR1cmUiOiJMb25nQW5pbWF0aW9uRnJhbWVUaW1pbmciLCJleHBpcnkiOjE3MTY5NDA3OTksImlzU3ViZG9tYWluIjp0cnVlfQ== |
| Referrer-Policy | strict-origin |
| X-Proxy-Backendserverstatus | 200 |
| Content-Security-Policy-Report-Only | require-trusted-types-for 'script'; trusted-types owaTrustedTypesPolicy owa#webpack cdn-url#oneshell safe-xml#oneshell workerScriptTrustedTypesPolicy augloopTrustedTypesPolicy 1DSScriptURL dompurify adaptivecards#deprecatedExportedFunctionPolicy adaptivecards#deprecatedExportedFunctionPolicy highcharts owaAdsTrustedTypesPolicy @msteams/embed-client @fluidx/loop workerPolicy MeControlScriptURL adaptivecards#markdownPassthroughPolicy fast-html adaptivecards#restoreContentsPolicy @1js/midgard-trusted-types @1js/lpc-common-web#webpack @centro/hvc-loader html2canvas osfRuntimeScriptPolicy yammer-outlook-trusted-types-policy#webpack @azure/ms-rest-js#xml.browser react-virtualized-auto-sizer lit-html officebrowserfeedback#domUtils troubleshootPolicy consolePolicy ori_importmap TrustedTypePolicyFactory workerScriptPolicy iFrameDocumentTrustedTypesPolicy nativePdfPreviewTrustedTypesPolicy workerLoaderTrustedTypesPolicy @1js/search-converged-hostapp-owa-bundle#webpack suiteuxShellTrustedTypesPolicy @azure/core-xml#xml.browser @1js/midgard-bootstrapper#webpack trustedInnerHTMLPolicy domUtilsTrustedTypePolicy dangerouslySetInnerHTMLPolicy overlayScrollbarsTrustedTypesPolicy @msteams/services-io-browser-web-client-update#register-service-worker @fluidx/loop#loop-page-container @fluidx/loop#odsp-driver @fluidx/loop#office-fluid-container @fluidx/loop#sourceless-iframe webpack-dev-server#overlay placesMapWorkerPolicy @fluidx/loop-app-worker-template ori-worker-policy default 'allow-duplicates'; report-uri https://csp.microsoft.com/report/OutlookWeb-Mail-PROD; |
| Ms-Cv | Z95yK/G3FwFUMELNJksAjw.1.1 |
| X-Besku | UNKNOWN |
| X-Clique | CLEURPRD01VIE02 |
| Vary | Accept-Encoding |
| Request-Id | 2b72de67-b7f1-0117-5430-42cd264b008f |
| X-Feserver | AM0PR01CA0093 |
| X-Web-Server-Version | 25.4.1.1 |
| Content-Type | text/html |
| X-Proxy-Routingcorrectness | 1 |
| X-Firsthopcafeefz | AMS |
| Date | Fri, 18 Apr 2025 19:06:08 GMT |
| X-Feefzinfo | VIE |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Nanoproxy | 1,1 |
| X-Calculatedfetarget | VI1P191CU002.internal.outlook.com |
| X-App-Name | |
| X-Calculatedbetarget | VI2PR01MB11453.EURPRD01.prod.exchangelabs.com |
| Pragma | no-cache |
| Expires | -1 |
| Alt-Svc | h3=":443";ma=2592000,h3-29=":443";ma=2592000 |
| Set-Cookie | ClientId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/ |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar