Security Report Summary
F
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN". |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Site is using HTTP | This site was served over HTTP and did not redirect to HTTPS. |
---|---|
Raw Headers
HTTP/1.1 | 200 OK |
---|---|
Date | Sat, 11 May 2024 02:44:24 GMT |
Content-Type | text/html |
Transfer-Encoding | chunked |
Connection | keep-alive |
CF-Ray | 881ed3b4bf5b944d-SJC |
CF-Cache-Status | DYNAMIC |
Access-Control-Allow-Origin | * |
Cache-Control | max-age=86400 |
Vary | Accept-Encoding |
access-control-allow-methods | GET |
Server | cloudflare |
Content-Encoding | gzip |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
Access-Control-Allow-Origin | This is a very lax CORS policy. Such a policy should only be used on a public CDN. |
---|---|
Server | Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2". |