Security Report Summary
D
Site: https://www.bankjerusalem.co.il/
IP Address: 176.100.166.89
Report Time: 07 Jul 2026 16:51:26 UTC
Headers:
  • X-Frame-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy
Advanced:
Your site could be at risk, let’s perform a deeper security analysis of your site and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Content-Type-OptionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/1.1200 OK
Content-Typetext/html; charset=utf-8
Transfer-Encodingchunked
Connectionkeep-alive
Set-Cookie__uzma=b4049509-8bb0-43bc-afdf-954e6343346e; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmb=1783443085; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzme=0143; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmc=641831066226; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmd=1783443085; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmf=7f9000b4049509-8bb0-43bc-afdf-954e6343346e1-17834430859440-004fe57d28a91c7760f10; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Set-Cookieuzmx=7f9000b0675a22-0890-429c-9eb6-b21b8857ea731-17834430859440-a1cdce317f78533410; Domain=.bankjerusalem.co.il; HttpOnly; path=/; Expires=Tue, 05-Jan-27 16:51:25 GMT; Max-Age=15724800; SameSite=Lax
Cache-Controlmax-age=0, no-cache, no-store
X-Frame-Optionssameorigin
DateTue, 07 Jul 2026 16:51:25 GMT
Set-CookieAWS=rd1o00000000000000000000ffff0a320818o443; expires=Tue, 07-Jul-2026 19:51:28 GMT; path=/; Httponly; Secure
Set-CookieTS0192bae2=01f303b1aaa8212ad1fd38a8de4cf50acfe83bc577172b2b989aab92fccb27f681bea955744e9c7d7bd214ad2c8dbc1d1f04f583a123811cdbd329c270b99f5f6274510b20; Path=/; Domain=.www.bankjerusalem.co.il
Pragmano-cache
Set-CookielLEHd=0839133988ab280083563d3ef35e5b3de3f67bdb811133160f173579e9857d2e4b28ba613750aece5c8dc507612006a1; Path=/; Expires=Wed, 08 Jul 2026 16:51:28 GMT
Set-CookieWyJ3LZJS=08b30e08980a100043c6c5266b0afeceaef243908f80089b; Path=/; Expires=Wed, 08 Jul 2026 16:51:28 GMT; HttpOnly
Set-CookieGOX3GQ=08b30e0898063000a81b651483b3503bf71dc953c5151c2c025cffa566321e892e3653e50438df05eab6845980ec33eb8c34e735b4f945c5; Path=/; Expires=Wed, 08 Jul 2026 16:51:28 GMT; HttpOnly
Set-CookieFrwvB6=08b30e08980d180028762be9a8cdeac08218c66a425a1df3dedd8c21235896d2; Path=/; Expires=Wed, 08 Jul 2026 16:51:28 GMT
Set-Cookie2rH0gT=08b30e0898021000e1cd3a2e6334b59515d4b0616d658c6a; Path=/
Set-CookieGQNCPH=08b30e08980518009983d805a9de8d80b0f04f46e251d478f62abe6f29dd9aa3; Path=/
Set-CookieirNxCcQ=08b30e089810300083f7f8586cde91c7ee446be9aba7a419f7913616d1646f55e387a1c826c3de317a17685b5aecaf7f246780520ce56ee2; Path=/; Expires=Wed, 08 Jul 2026 16:51:28 GMT
Set-CookieTSea60b24d027=086229b7b6ab2000039be8abc3162b407428c27c3e9a6baafb1defc7f39c90c79004009b7152e79b085afcc19911300025a62d984cfb0c6e1b274df80039688ecbd33209d445968038b49a30bbbfa33853229ef50714ea174687770117c79f2d; Path=/
rdwr_responseallowed
Strict-Transport-Securitymax-age=31536000
Content-Encodinggzip
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Strict-Transport-SecurityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.