Security Report Summary
Grade: C
Site: https://aaahq.org/
IP Address: 138.197.104.199
Report Time: 30 Apr 2024 04:05:36 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Permissions-Policy
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Raw Headers
HTTP/1.1 200 OK
Date: Tue, 30 Apr 2024 04:05:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: must-revalidate, no-cache, private
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Permissions-Policy: interest-cohort=()
X-Drupal-Cache-Contexts: cookies:big_pipe_nojs languages:language_content languages:language_interface route session.exists theme timezone url.path url.query_args user.node_grants:view user.permissions user.roles
X-Drupal-Cache-Max-Age: 0 (Uncacheable)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Generator: Drupal 9 (https://www.drupal.org)
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.