Security Report Summary
Grade: D
Site: https://aau.edu.jo/ar
IP Address: 93.127.217.25
Report Time: 26 Aug 2025 18:49:38 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Missing Headers
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2025 18:49:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.2.34
Cache-Control: max-age=86400, public
X-Drupal-Dynamic-Cache: MISS
Link: <https://aau.edu.jo/ar>; rel="shortlink", <https://aau.edu.jo/ar>; rel="canonical"
X-UA-Compatible: IE=edge
Content-language: ar
X-Frame-Options: SAMEORIGIN
X-Drupal-Cache-Contexts: languages route theme timezone url.path url.query_args:_wrapper_format user.node_grants:view user.permissions
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 26 Aug 2025 18:02:38 GMT
ETag: "1756231358"
Vary: Cookie
X-Generator: Drupal 8 (https://www.drupal.org)
Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-WebKit-CSP-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-Drupal-Cache: HIT
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Powered-By: X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Content-Security-Policy-Report-Only: Content Security Policy Report Only is used to test a Content Security Policy before making it live. The browser will report on actions that would have been taken based on the policy.