HTTP Headers for xbox.com

Responds with HTTP 200 OK — 3 of 6 security headers present.

Domain to Check

200 OKhttps://www.xbox.com/en-US/

Security Headers3/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (12)

alt-svch3=":443"; ma=93600

connectionclose

content-encodinggzip

content-length46579

content-typetext/html; charset=utf-8

dateFri, 24 Apr 2026 15:43:01 GMT

set-cookieaka_locale=en-us; path=/; domain=.www.xbox.com; secure; HttpOnly

strict-transport-securitymax-age=10886400; includeSubDomains

varyAccept-Encoding

x-content-type-optionsnosniff

x-frame-optionsDENY

x-xss-protection0

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

Searchable reference of all HTTP status codes with descriptions and use cases.

Look up WHOIS details for any domain or IP address.