HTTPS, SSL & Security Report for onedrive.live.com

This report summarizes how well onedrive.live.com is configured for secure web delivery. It covers HTTPS availability, HTTP→HTTPS redirects, TLS/SSL certificate validity, security headers, HTTP/2 and HTTP/3 support, and mixed content. Use it to quickly spot configuration gaps and improve your site's security and trust.

SecureScore90/100Last checked: 6 Jul 2026 at 04:16 UTC
HTTPS

Enabled

HTTP → HTTPS

Yes

TLS

A · 1.2, 1.3

Security headers

0/6

Detailed checks

HTTPS availability

The site is reachable over HTTPS.

Why it matters: HTTPS encrypts traffic and protects user data.

HTTP to HTTPS redirect

Requests to HTTP are redirected to HTTPS.

TLS & CertificateA

ValidYes
IssuerC=US, O=Microsoft Corporation, CN=Microsoft TLS G2 RSA CA OCSP 04
Expires2027-01-17
Days until expiry195 days

Why it matters: A valid, non-expired certificate ensures encryption is trusted by browsers.

To improve your grade

  • Improve: Short Redirect Chain (+5 pts).
  • Improve: Security Headers (+5 pts).
  • For A+: add HSTS preload.
  • For A+: add Content-Security-Policy.

Monitor this domain

We'll check SSL grade, HTTPS, redirects, and security headers automatically. Email only when something changes.

Start monitoring — freeOne-click account with Google, GitHub, or email. No password.

Free: 1 domain, weekly. Plans from €7/mo — daily checks, up to 50 domains, history & white-label PDF.

Grade breakdown4 things to improve for a higher grade →
90/100 pts
HTTPS Connection
+25/25
HTTP to HTTPS Redirect
+20/20
Valid SSL Certificate
+20/20
Certificate Not Expiring Soon
+10/10
Short Redirect Chain
+0/5
HSTS Enabled
+5/5
Security Headers
+0/5

Requires 4 of 6 headers and Content-Security-Policy (CSP).

Modern TLS (no 1.0/1.1)
+10/10

To improve your grade

  • Improve: Short Redirect Chain (+5 pts).
  • Improve: Security Headers (+5 pts).
  • For A+: add HSTS preload.
  • For A+: add Content-Security-Policy.

Security headers0/6

  • HSTS
  • CSP
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy

Score: 0 of 6 headers present. For the grade factor (5 pts), 4+ headers and Content-Security-Policy (CSP) are both required.

HSTS (HTTP Strict Transport Security)Enabled

  • EnabledYes
  • Max-Age365 days
  • PreloadNo
  • On HSTS preload listNo
Submit or verify on hstspreload.org

Why it matters: HSTS tells browsers to use only HTTPS for this site. Preload allows inclusion in browsers’ built-in HSTS lists.

We check Chromium’s built-in list. hstspreload.org checks eligibility for submission (HSTS header, redirect chain). Results may differ for domains that are preloaded but no longer meet current eligibility rules.

HTTP/2

Negotiated (ALPN h2)

ALPN: h2

HTTP/3 (QUIC)

Not advertised

The server does not advertise HTTP/3 (QUIC) via the Alt-Svc header.

DNS Security

CAA: Configured · DNSSEC: Not signed · HTTPS record: Not setExpand
CAAConfigured

Allowed issuers: microsoft.com, dtrust.de, globalsign.com, digicert.com, entrust.net

DNSSEC
Not signed
HTTPS Record
Not set

No HTTPS record. Browsers discover protocols via connection — an HTTPS record speeds this up. Learn more →

Mixed content

None detected

No HTTP resources were detected on the HTTPS page.

Redirect chain693ms total

When you visit the site over HTTP, the server may send you through one or more redirects until you land on the final HTTPS URL. Shorter chains are faster and better for SEO.

  1. 1.http://onedrive.live.com166ms
  2. 2.https://onedrive.live.com/188ms
  3. 3.https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage89ms
  4. 4.https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage250ms

Recommendations for onedrive.live.com

Based on this scan, here are the 4 next steps that would most improve security and SEO for onedrive.live.com.

  1. Shorten the redirect chain (3 hops)

    Recommended

    Requests to onedrive.live.com pass through 3 redirects before reaching the final URL. Each hop adds latency and dilutes SEO signals — aim for a single 301 from HTTP to the canonical HTTPS URL.

  2. Add 6 missing security headers

    Recommended

    onedrive.live.com sends 0 of 6 recommended security headers — missing: HSTS, CSP, X-Frame-Options…. Most take one line of server config and protect against clickjacking, MIME sniffing and data leaks.

  3. Consider HSTS preload

    Nice to have

    HSTS is enabled for onedrive.live.com but the domain is not on the browser preload list, so the very first visit can still go over HTTP. Preloading closes that gap — but read the requirements first, removal is slow.

  4. Consider HTTP/3

    Nice to have

    onedrive.live.com supports HTTP/2 but does not advertise HTTP/3 (QUIC). HTTP/3 improves performance on lossy mobile networks. If you are behind Cloudflare or a modern CDN it is usually a toggle.

Show this badge on your site

Let your visitors know your SSL setup is verified. The badge always shows your current grade and links to this report. Paste the snippet into your site footer:

SSL grade badge for onedrive.live.com← live preview, updates automatically
<a href="https://httpsornot.com/report/onedrive.live.com?utm_source=badge" target="_blank" rel="noopener">
  <img src="https://httpsornot.com/badge/onedrive.live.com.svg" alt="SSL grade for onedrive.live.com — checked by HTTPS Checker" height="20" loading="lazy" />
</a>

Domain owner? If you want this report removed or made private, contact us.