Website Security Test of forms.office.com

Executive Summary for forms.office.com

• Web Software Security Test
  2 third-party web software dependancies were identified. All appear to be outdated, but no known vulnerabilities were detected. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: react-is, underscore.js. Show details.
• GDPR Compliance Test
  No obvious GDPR-related compliance issues were detected across Privacy Policy, Website Security, TLS Encryption, Cookie Protection, Cookie Disclaimer. Show details.
• HTTP Headers Security Test
  Issues were identified with key security headers: missing Content-Security-Policy, X-Frame-Options. Optional HTTP headers appear to be properly configured: X-Powered-By, X-AspNet-Version. Deprecated HTTP headers detected: Public-Key-Pins, Public-Key-Pins-Report-Only, X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy headers are not present. Show details.
• Cookies Privacy and Security Test
  2 cookies detected; DcLcid, AADNonce.forms have security or privacy-related configuration issues. Show details.
• External Content Security Test
  14 external requests detected; all requests completed successfully. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.