Security Report Summary
R
Redirect: https://www.basspro.com/shop/en
Site: https://basspro.com/
IP Address: 23.39.40.228
Report Time: 09 Jun 2026 22:06:19 UTC
Headers:
  • X-Frame-Options
  • X-Content-Type-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
Response is not HTML: The content-type of the response does not indicate HTML. Not all headers, and therefore the score, may be appropriate.
Raw Headers
HTTP/2 301
server: AkamaiGHost
content-length: 0
location: https://www.basspro.com/shop/en
date: Tue, 09 Jun 2026 22:06:18 GMT
set-cookie: IpState=; path=/; domain=basspro.com
set-cookie: IpZipCode=; path=/; domain=basspro.com
set-cookie: IpGeo=Country-IE_Region-State-_City-DUBLIN_Zip-_DMA-_MSA-_PMSA-; path=/; domain=basspro.com
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
set-cookie: bm_ss=ab8e18ef4e; Secure; SameSite=None; Domain=.basspro.com; Path=/; HttpOnly; Max-Age=3600
set-cookie: _bmdet=b111769210a046488426ae627ee5d385; path=/; domain=.basspro.com; Secure
server-timing: ak_p; desc="1781042778464_34844781_1298259631_31_125310_1_4_15";dur=1
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
server: Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2".
x-frame-options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
x-xss-protection: X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
x-content-type-options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
strict-transport-security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.