Security Report Summary
D
Site: | https://www.qatarairways.com/en/Privilege-Club/reset-password.html |
---|---|
IP Address: | 23.72.34.166 |
Report Time: | 26 Aug 2025 20:02:14 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Strict-Transport-Security | The "max-age" directive is too small. The minimum recommended value is 2592000 (30 days). |
---|---|
Raw Headers
HTTP/2 | 200 |
---|---|
server | Apache |
x-content-type-options | nosniff |
x-xss-protection | 1 |
accept-ranges | bytes |
vary | Accept-Encoding |
access-control-allow-headers | Accept,traceparent,Request-Id,Content-Type,User-Agent |
content-type | text/html; charset=UTF-8 |
x-akamai-transformed | 9 - 0 pmb=mTOE,2mRUM,2 |
content-encoding | gzip |
date | Tue, 26 Aug 2025 20:02:14 GMT |
set-cookie | AKA_A2=A; expires=Tue, 26-Aug-2025 21:02:14 GMT; path=/; domain=qatarairways.com; secure; HttpOnly |
server-timing | cdn-cache; desc=REVALIDATE |
server-timing | edge; dur=305 |
server-timing | origin; dur=431 |
x-frame-options | SAMEORIGIN |
strict-transport-security | max-age=86400 |
set-cookie | bm_ss=ab8e18ef4e; Secure; SameSite=None; Domain=.qatarairways.com; Path=/; HttpOnly; Max-Age=3600 |
server-timing | ak_p; desc="1756238533243_390604198_137818998_73549_13865_8_11_15";dur=1 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
---|---|
x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |