Security Report Summary
Grade: D
Site: | http://algojob.kr/ |
---|---|
IP Address: | 112.175.11.229 |
Report Time: | 26 Apr 2024 12:42:53 UTC |
Warning: | Grade capped at A, please see warnings below. |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Site is using HTTP | This site was served over HTTP and did not redirect to HTTPS. |
---|---|
Raw Headers
HTTP/1.1 | 200 OK |
---|---|
Set-Cookie | TS389328ec029=0853a021f8ab2800e0743432a312866369737eba85ea883d2b355b2236c4cde5c19b079a2623615d1b35516d189e3461; Max-Age=30; Path=/ |
Cache-Control | no-store, must-revalidate, no-cache, max-age=0 |
Content-Type | text/html |
Content-Length | 45240 |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Set-Cookie | TS389328ec078=0853a021f8ab20004bacadbf2d101fc0f8d1123a5115a13d425a2218683385ab7ec5d1e08267963208e776860c187801d6c3a8c3404fb69911c6d5c91ebab69500b4b60c16f36cff7b27ff59184443821e4a1ce2f29a0fa4a985655d620ad81c6b33b6d749f8255797a10594d4250aadd342ef6849469161dac5a41d0f4e4d4b039c3373fb49305f256532203bd416231c3eb64f88b00d6dbaa319193044723428c46be6f53346cd397080dacc6675c25a4ff7a535af89eff757314b2de074c09fe1963f6601e0cf6e3e92662e641053c60b448f887109c2583affd22ff5a29976b90cd3c84bbc391b2a1e6d2ce8dd28e2fab38b9d57b73f4e389c797722c4f9fa574de8c84a17bcd903fe0063f0d1df9b3ebfb7f6191136316fb4838150ab5edb2503ead0c7a2dcbf8be0713035b4da52e485973a438d562b08a0e19e40376cb24e244d16d9925efbd2feeec379a3834d5f71b7a851da92a750ad050b778a8a148596418eff4a1f4a76e7ac8772b08ccb09890169f1b47b5c6929017018932d216d743cfd0daa25917eb188513785878d818128bcc42c718fdb48f91b51a6e15c833776f90d2539; Max-Age=30; Path=/ |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
---|---|
X-XSS-Protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |