| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-App-Name | ToDo |
| Server | Microsoft-HTTPAPI/2.0 |
| Content-Security-Policy-Report-Only | default-src 'self' blob: *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net config.edge.skype.net config.edge.skype.com *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-dev.cdn.officeppe.net; script-src 'nonce-WSPcpgBQfY2+nlalXUl9cw==' 'self' *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com mem.gfx.ms assets.onestore.ms c.s-microsoft.com img-prod-cms-rt-microsoft-com.akamaized.net az725175.vo.msecnd.net secure.addcdn.microsoftonline-p.com amcdn.msauth.net amcdn.msftauth.net statics-uhf-eus.akamaized.net statics-uhf-wus.akamaized.net statics-uhf-neu.akamaized.net statics-uhf-eas.akamaized.net statics-marketingsites-neu-ms-com.akamaized.net statics-marketingsites-eus-ms-com.akamaized.net statics-marketingsites-eas-ms-com.akamaized.net statics-marketingsites-wcus-ms-com.akamaized.net mem.gfx.ms ajax.aspnetcdn.com ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-dev.cdn.officeppe.net owamaildev.blob.core.windows.net js.monitor.azure.com 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline' data: *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com mem.gfx.ms assets.onestore.ms c.s-microsoft.com img-prod-cms-rt-microsoft-com.akamaized.net az725175.vo.msecnd.net secure.addcdn.microsoftonline-p.com amcdn.msauth.net amcdn.msftauth.net statics-uhf-eus.akamaized.net statics-uhf-wus.akamaized.net statics-uhf-neu.akamaized.net statics-uhf-eas.akamaized.net statics-marketingsites-neu-ms-com.akamaized.net statics-marketingsites-eus-ms-com.akamaized.net statics-marketingsites-eas-ms-com.akamaized.net statics-marketingsites-wcus-ms-com.akamaized.net ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-dev.cdn.officeppe.net owamaildev.blob.core.windows.net; img-src 'self' data: blob: *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com mem.gfx.ms assets.onestore.ms c.s-microsoft.com img-prod-cms-rt-microsoft-com.akamaized.net az725175.vo.msecnd.net secure.addcdn.microsoftonline-p.com amcdn.msauth.net amcdn.msftauth.net ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-dev.cdn.officeppe.net owamaildev.blob.core.windows.net *.azureedge.net *.aadcdn.microsoftonline-p.com *.blob.core.windows.net *.msftauthimages.net; connect-src 'self' *.microsoft.com *.office.com ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.officeppe.net *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-1-cdn.azureedge.eaglex.ic.gov res-1-cdn.azureedge.microsoft.scloud config.edge.skype.net config.edge.skype.com shellprod.msocdn.com graph.windows.net *.microsoftonline.com *.officeapps.live.com *.cloud.microsoft *.msedge.net *.office365.com *.config.skype.com outlook.live.com *.events.data.microsoft.com consentreceiverfd-prod.azurefd.net *.cloud.microsoft *.msedge.net *.office365.com *.config.skype.com outlook.live.com; base-uri 'self'; object-src 'none'; frame-ancestors *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com teams.microsoft.com *.teams.microsoft.com *.skype.com res-dev.cdn.officeppe.net 'self'; font-src 'self' data: chrome-extension *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com mem.gfx.ms assets.onestore.ms c.s-microsoft.com img-prod-cms-rt-microsoft-com.akamaized.net az725175.vo.msecnd.net secure.addcdn.microsoftonline-p.com amcdn.msauth.net amcdn.msftauth.net ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com res-dev.cdn.officeppe.net; frame-src 'self' *.microsoft.com *.msecnd.net *.msocdn.com *.msedge.net *.live.com graph.windows.net *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com *.microsoftonline.com *.microsoft.io *.windows.net *.office.com *.office.com:1443 microsoft-my.sharepoint.com microsoft.sharepoint.com *.yammer.com https://graph.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ mem.gfx.ms https://*.access.mcas.ms https://*.access.mcas-gov.ms *.access.mcas.ms *.access.mcas-gov.ms; manifest-src 'self' ow2.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.cdn.partner.outlook.cn to-do-cdn.microsoft.com; worker-src 'self' blob: *.officeppe.com *.office.com *.office.net *.office365.com static2.sharepointonline.com *.nrb.footprintdns.com; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OutlookWeb-ToDo-PROD; |
| X-Bepartition | CLEURPRD10CDG03 |
| X-Client-Version | 2595912_2.128.3 |
| X-Clique | CLEURPRD10CDG03 |
| X-Feserver | AM0PR10CA0046 |
| Date | Sat, 05 Apr 2025 10:30:30 GMT |
| Request-Id | a16f5c35-0f12-88e7-1097-150df5105f07 |
| Ms-Cv | NVxvoRIP54gQlxUN9RBfBw.1.1 |
| X-Web-Server-Version | 25.3.24.1 |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Expires | -1 |
| X-Frame-Options | sameorigin |
| X-Firsthopcafeefz | AMS |
| X-Nanoproxy | 1,1 |
| X-Backendhttpstatus | 200,200 |
| X-Proxy-Backendserverstatus | 200 |
| X-Calculatedfetarget | PR1P264CU003.internal.outlook.com |
| X-Besku | UNKNOWN |
| Vary | Accept-Encoding |
| Referrer-Policy | no-referrer |
| X-Calculatedbetarget | PA1PR10MB9177.EURPRD10.PROD.OUTLOOK.COM |
| Cache-Control | no-cache |
| Alt-Svc | h3=":443";ma=2592000,h3-29=":443";ma=2592000 |
| Set-Cookie | ClientId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/ |
| Content-Type | text/html |
| Cross-Origin-Opener-Policy | same-origin-allow-popups |
| X-Feefzinfo | CDG |
| X-Proxy-Routingcorrectness | 1 |
| Pragma | no-cache |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar