Security Analysis Results

h3=":443";ma=2592000,h3-29=":443";ma=2592000

no-cache

gzip

default-src *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft swx.cdn.skype.com 'self'; script-src 'nonce-iMVy+9noO2nAHVYqOPyg1g==' *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft wss://*.delve.office.com:443 shellprod.msocdn.com amcdn.msauth.net amcdn.msftauth.net *.skype.com *.skypeassets.com *.delve.office.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft static.teams.microsoft.com teams.microsoft.com cdn.forms.office.net blob: 'report-sample' 'self' 'wasm-unsafe-eval' acdn.adnxs.com cdn.adnxs.com; style-src *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft shellprod.msocdn.com *.skype.com 'self' 'report-sample' 'unsafe-inline' *.engage.cloud.microsoft 'unsafe-inline'; img-src * data: blob: filesystem: cid:; connect-src blob: data: *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.services.web.outlook.com login.live.com login.microsoftonline.com spoprod-a.akamaihd.net shellprod.msocdn.com *.bing.com *.office.net *.office.com *.office365.com *.officeapps.live.com *.skype.com *.skypeassets.com *.spoppe.com *.onedrive.com my.microsoftpersonalcontent.com browser.pipe.aria.microsoft.com *.gateway.messenger.live.com dev.virtualearth.net *.trouter.skype.com *.trouter.io wss://*.trouter.skype.com wss://*.trouter.skype.com:443 wss://*.trouter.io:443 media.licdn.com *.facebook.com onerm.olsvc.com *.qas.binginternal.com *.qas.bing.net wss://*.qas.bing.net:443 wss://*.platform.bing.com wss://*.botframework.com:443 wss://augloop.office.com wss://*.augloop.office.com outlook.live.com graph.microsoft.com *.graph.microsoft.com *.office.microsoft.com api.box.com api.dropboxapi.com *.users.storage.live.com www.onenote.com *.storage.msn.com wss://*.pushd.svc.ms wss://*.pushs.svc.ms wss://*.pushb.svc.ms wss://*.pushp.svc.ms wss://*.svc.ms nleditor.osi.officeppe.net pptservicescast.officeapps.live.com *.sharepoint-df.com *.sharepoint.com wss://*.delve.office.com:443 wss://*.loki.delve.office.com:443 wss://*.loki.delve.office.com *.delve.office.com *.loki.delve.office.com web.vortex.data.microsoft.com *.events.data.microsoft.com *.online.lync.com *.infra.lync.com wss://*.cortana.ai *.cortana.ai fs.microsoft.com newspro.microsoft.com 'self' attachment.outlook.live.net *.adnxs.com api.taboola.com api.msn.com ris.api.iris.microsoft.com srtb.msn.com *.engage.cloud.microsoft wss://augloop-dogfood.officeppe.com wss://*.augloop-dogfood.officeppe.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com wss://augloop.office.com wss://*.augloop.office.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft aesir.office.com *.oscs.protection.outlook.com *.safelinks.protection.outlook.com arc.msn.com *.dynamics.com *.mos.microsoft.com ris.api.iris.microsoft.com services.bingapis.com prod-autodetect.outlookmobile.com *.googleapis.com admin.microsoft.com admin.microsoft.com *.bpa.microsoft.com teams.cloud.microsoft api.tenor.com attachment.outlook.live.net *.msedge.net app.whiteboard.microsoft.com whiteboard.office.com whiteboard.cloud.microsoft outlook.cloud.microsoft identity.osi.office.net wss://substrate.office.com *.adnxs.com api.flow.microsoft.com *.sharepoint.de; base-uri browser.pipe.aria.microsoft.com 'self'; form-action *.officeapps.live.com *.sharepoint-df.com *.sharepoint.com *.odwebp.svc.ms login.microsoftonline.com login.live.com *.sharepoint.de login.live.com; object-src *.office.net 'self' attachments.office.net attachment.outlook.live.net attachment.outlook.live.net blob:; frame-ancestors 'self' teams.microsoft.com; font-src data: *.res.office365.com *.fluidpreview.office.net *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft spoprod-a.akamaihd.net *.skype.com ms-appx-web: sharepointonline.com *.sharepointonline.com *.delve.office.com fs.microsoft.com 'self' *.engage.cloud.microsoft; media-src blob: data: *.res.office365.com *.cdn.office.net *.df.onecdn.static.microsoft *.public.onecdn.static.microsoft *.sharepoint-df.com *.skype.com *.office.net *.office365.net *.office365-net.us *.office.com 'self' attachment.outlook.live.net *.adnxs.com *.engage.cloud.microsoft attachments.office.net attachment.outlook.live.net *.sharepoint.com *.sharepoint.de; frame-src * data: mailto:; manifest-src 'self'; worker-src 'self' blob: *.office.com; child-src 'self' blob: *.office.com; report-uri https://csp.microsoft.com/report/OutlookWeb-Mail-PROD; upgrade-insecure-requests;

require-trusted-types-for 'script'; trusted-types owaTrustedTypesPolicy owa#webpack cdn-url#oneshell safe-xml#oneshell workerScriptTrustedTypesPolicy augloopTrustedTypesPolicy 1DSScriptURL dompurify adaptivecards#deprecatedExportedFunctionPolicy adaptivecards#deprecatedExportedFunctionPolicy highcharts owaAdsTrustedTypesPolicy @msteams/embed-client @fluidx/loop workerPolicy MeControlScriptURL adaptivecards#markdownPassthroughPolicy fast-html adaptivecards#restoreContentsPolicy @1js/midgard-trusted-types @1js/lpc-common-web#webpack @centro/hvc-loader html2canvas osfRuntimeScriptPolicy yammer-outlook-trusted-types-policy#webpack @azure/ms-rest-js#xml.browser react-virtualized-auto-sizer lit-html officebrowserfeedback#domUtils troubleshootPolicy consolePolicy ori_importmap TrustedTypePolicyFactory workerScriptPolicy iFrameDocumentTrustedTypesPolicy nativePdfPreviewTrustedTypesPolicy workerLoaderTrustedTypesPolicy @1js/search-converged-hostapp-owa-bundle#webpack suiteuxShellTrustedTypesPolicy @azure/core-xml#xml.browser @1js/midgard-bootstrapper#webpack trustedInnerHTMLPolicy domUtilsTrustedTypePolicy dangerouslySetInnerHTMLPolicy overlayScrollbarsTrustedTypesPolicy @msteams/services-io-browser-web-client-update#register-service-worker @fluidx/loop#loop-page-container @fluidx/loop#odsp-driver @fluidx/loop#office-fluid-container @fluidx/loop#sourceless-iframe webpack-dev-server#overlay placesMapWorkerPolicy @fluidx/loop-app-worker-template ori-worker-policy default owaLoopTrustedTypesPolicy 'allow-duplicates'; report-uri https://csp.microsoft.com/report/OutlookWeb-Mail-PROD;

text/html

same-origin-allow-popups

Sun, 20 Jul 2025 15:40:44 GMT

-1

<https://res.public.onecdn.static.microsoft/>; rel="preconnect"

a7Twei4o6ugeBvtqtURRVQ.1.1

{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}

Apss6avQMrDIaTfgtZghJaQJ5VC/PhuSEosafJ3+aDW1VPwBTFN43bgy2UNZLHt2hChKB1jWn+sAk2g6a9Svaw0AAABteyJvcmlnaW4iOiJodHRwczovL2xpdmUuY29tOjQ0MyIsImZlYXR1cmUiOiJMb25nQW5pbWF0aW9uRnJhbWVUaW1pbmciLCJleHBpcnkiOjE3MTY5NDA3OTksImlzU3ViZG9tYWluIjp0cnVlfQ==

no-cache

strict-origin

{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=EAT&RemoteIP=104.28.153.0&Environment=MT&HttpStatusFrom=BE&ServiceName=Default.mail&MiraPartnerName="}],"include_subdomains":true}

7af0b46b-282e-e8ea-1e06-fb6ab5445155

Microsoft-HTTPAPI/2.0

max-age=31536000; includeSubDomains

chunked

Accept-Encoding

200,200

PH7PR03MB6861.NAMPRD03.PROD.OUTLOOK.COM

DS7PR03CU001.internal.outlook.com

20250711010.05

CLNAMPRD03PHX01

DSM

MW4PR02CA0015

EAT

1,1

200

1

Mail

UNKNOWN

25.7.7.4