Skip to main content
Trust report

microsoft.com

TrustedVisit siteFresh scan · 7/17/2026, 10:23:45 PM

91/100 — trusted. Long-established, no impersonation patterns, no scam-correlated signals.

Verdict driven by: missing Content Security Policy; large response served uncompressed — worth extra caution before trusting.

Top scam signals
  • Missing Content Security Policy
    Restricts which scripts and resources the page can load.
  • Large response served uncompressed
    Enable gzip or brotli at the edge to cut transfer size dramatically.
SL Trust Core
91
safe
Category breakdown
Identity & Age70/100
1 signal · weight 22
Impersonation Risk100/100
2 signals · weight 22
Red Flags100/100
1 signal · weight 18
Transparency99/100
8 signals · weight 14
Security79/100
8 signals · weight 8
Email100/100
3 signals · weight 4
Infrastructure100/100
5 signals · weight 4
Content100/100
2 signals · weight 3
Performance89/100
3 signals · weight 3
Technical Health70/100
3 signals · weight 2
Positive signals
  • Site responded with 200
  • HTTPS is enforced
  • Fast response (391ms)
  • Served through Cloudflare
  • 2 address record(s) resolved
  • IPv6 (AAAA) available
Warnings
  • Missing Content Security Policy
  • Large response served uncompressed
Critical
None detected.
Helpful?
Recommendations

Top 1 things to fix

  • medium · security
    Publish a Content Security Policy

    A minimal CSP dramatically reduces the impact of XSS. Start with default-src 'self' and iterate.

Root label
microsoft
TLD
.com
Uses punycode (xn--)
no
Mixed-script (homoglyph)
no
Brand match
microsoft (this IS the real brand's domain)
Typosquat check
no typosquat pattern
Phishing suffix tokens
none
microsoft is the real brand's registered domain
The root label matches the brand exactly — this IS the brand's own domain.
+10
No impersonation patterns detected
Domain doesn't look like a typosquat, doesn't embed a well-known brand, and uses ASCII characters.
+8
Payment red flags
none detected
Urgency / pressure language
none detected
Disposable-domain combo
no
Page text length scanned
4,538 chars
No scam-correlated language found on the home page
No crypto-only / gift-card / wire-only payment demands, and no obvious urgency tactics.
+6
RDAP returned 403
Final URL
https://www.microsoft.com/en-gb
Status
200
Response time
391ms
Server
cloudflare
CDN
Cloudflare
Content-Type
text/html; charset=utf-8
Body size
193.8 KB
Redirects
2
Redirect chain
  1. 301https://www.microsoft.com/
  2. 302https://www.microsoft.com/en-gb
Site responded with 200
Final URL: https://www.microsoft.com/en-gb. Response time 391ms.
+8
HTTPS is enforced
All redirects stayed on HTTPS. Traffic is encrypted end-to-end.
+10
Fast response (391ms)
+6
Served through Cloudflare
Sites behind a major CDN benefit from DDoS protection and edge caching.
+4
A
150.171.110.210
AAAA
2603:1061:14:1d1::1
MX
10 microsoft-com.mail.protection.outlook.com
NS
ns1-39.azure-dns.com, ns2-39.azure-dns.net, ns3-39.azure-dns.org, ns4-39.azure-dns.info
TXT count
61
2 address record(s) resolved
+4
IPv6 (AAAA) available
Modern dual-stack setup.
+2
4 authoritative nameservers
+2
ssl timed out after 8000ms
HSTSmissing: Content Security Policymissing: X-Frame-Optionsmissing: X-Content-Type-Optionsmissing: Referrer Policymissing: Permissions Policy
HSTS is set
Tells browsers to only use HTTPS for this domain.
+6
Missing Content Security Policy
Restricts which scripts and resources the page can load.
-4
Missing X-Frame-Options
Prevents clickjacking by disallowing framing.
-3
Missing X-Content-Type-Options
Blocks MIME-sniffing browser attacks.
-2
Missing Referrer Policy
Controls what referrer information is sent with requests.
-2
Missing Permissions Policy
Restricts access to powerful browser features (camera, mic, etc.).
-2
SPF
v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.msft.net include:_spf1-meo.microsoft.com -all
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:itex-rua@microsoft.com; ruf=mailto:itex-ruf@microsoft.com; fo=1
DMARC policy
reject
DKIM selectors found
selector2
SPF record published
+5
DMARC published (reject)
+6
DKIM configured (selector2)
+3
Svelte· jsjQuery· jsTailwind CSS· cssGoogle Analytics· analyticsMicrosoft Clarity· analyticsCloudflare· cdn
Title
Microsoft – AI, Cloud, Productivity, Computing, Gaming & Apps
Description
Explore Microsoft products and services and support for your home or business. Shop Microsoft 365, Copilot, Teams, Xbox, Windows, Azure, Surface and more.
Language
en-GB
Charset
UTF-8
6 technologies detected
Svelte, jQuery, Tailwind CSS, Google Analytics, Microsoft Clarity, Cloudflare
Legacy jQuery detected without a modern framework
Not inherently unsafe, but often indicates an unmaintained site.
-2
Mobile viewport configured
+2
Phone numbers
00-3656897, +43201-43207, +43209-43224, +43226-43232, +43234-43236, +43270-43272
Privacy policy linked from home page
+6
Terms of service linked from home page
+5
Contact page linked from home page
+5
About page linked from home page
+3
No refund/return policy found
Reputable sites usually publish a refund/return policy.
-3
No cookie policy found
Reputable sites usually publish a cookie policy.
-2
3 social profile(s) linked
twitter, facebook, instagram
+3
Phone number published
+2
Diagnostics

Scan performance

engine 5.1.0 · report v5
Total scan time
8110 ms
Cache
Miss
Final response
391 ms
Redirects
2
Plugins executed
18
Plugins failed
5
Signal confidence
72%
Per-plugin timings
sslfailed · 8000 ms
phishstatsfailed · 3500 ms
http391 ms
robots388 ms
sitemap256 ms
urlhausfailed · 131 ms
email-security110 ms
dns15 ms
rdapfailed · 2 ms
reputation0 ms
impersonation0 ms
safe-browsingfailed · 0 ms
security-headers0 ms
tech0 ms
content0 ms
redirects0 ms
performance0 ms
red-flags0 ms