Security Report Summary
C
Missing Headers
| Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
|---|---|
| Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
| Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
| HTTP/2 | 200 |
|---|---|
| date | Thu, 02 May 2024 12:45:33 GMT |
| content-type | text/html; charset=utf-8 |
| content-length | 216080 |
| cache-control | no-store, must-revalidate, no-cache |
| expires | -1 |
| x-ms-gateway-requestid | aa4843c0-7266-4b24-a9a4-53ec30adeb6b |
| x-ua-compatible | IE=edge |
| x-request-id | 35cb4cbd-b04d-47e1-8569-1364e0f01b36 |
| x-build | 1.1.144.0 |
| x-frame-options | DENY |
| public | OPTIONS,TRACE,GET,HEAD,POST |
| strict-transport-security | max-age=31536000; includeSubDomains |
| x-content-type-options | nosniff |
| x-xss-protection | 1; mode=block |
| set-cookie | x-ms-cpim-sso:labcapitalb2c.onmicrosoft.com_0=m1.AcUhHM5IaZimUzK5.h9KPk664wq2d2KGyhjt+yQ==.0.P+f2uKXSBflWK/BDuHEpISYkz36mQ6uHMQsRoOn09VBejCDxxvj3spGhpvvfjnW5eMWqHUc2b2xQ20n4YMIifL3NE38/XN9a0z8SJtAoJmn8sHCN0X3a2cCgf5YoQ9u0xVgUM4bVNfvqQDc71UW465VtTzTJTp69oWAoVqhohu0lhVtPktELymHzwCrF5PLYLk840f+NYn4hnOxBSSfzs/467mPcn1Yrkl1sqN2PHXx1t6hWXp/r3C41SWoZ9p7Va9Qd7yG0t/YPu2AeGkKkFsaLQg1XX8ytjYWOlIgbxO+ds4pHHiSgXhgW1jIsV5K+f7U1hLDIdzITAA==; domain=ciam.credicorpcapitallab.com; path=/; SameSite=None; secure; HttpOnly |
| set-cookie | x-ms-cpim-csrf=UkVTcmlPS3NQbHBNTmt5Y2JWclhKQUpwMWwrV3RvNmFudWRqUVBpZW9GUHZSTFlkcmQxeHMvUWR0SmFoMld0NzJnL0ZncC9JWHNJNTQ0V0VxRGErZ0E9PTsyMDI0LTA1LTAyVDEyOjQ1OjMzLjY4NjM1MDFaO3c0V21LbUt1VUVBK0c4QjdCbmdLZHc9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoyfQ==; domain=ciam.credicorpcapitallab.com; path=/; SameSite=None; secure; HttpOnly |
| set-cookie | x-ms-cpim-cache|vuzlnu2w4uefarnk4pabng_0=m1.oGiUPNLvNXPDDhVU.6zxKsmFzWbm6DmlNvOp4LA==.0.c3mqVSoxbMCHPXgFbOqF8YJHnUJSxjcXVPh77IKx4+jvHEPM8s50k20vjVUCsRV+3npEgN2I7LrLzDmHn1GPA8gdqtry4v06Gmqd4A0IR4QIZeH/YUB0pbSuk4aI6mRqygvdFCHtW/3DHTHnpGYMh1nCR9o5lClpieXfCAh1zqlSIlHQ3+GG0atjkg3JvvdY6vl6LES75SwrtaXAeNsKFmoDXHItvg7vMRYqGixYFrzgo9WqkqL0Ga3dITym1xOlAjRxhCtlpbfAZi+ySZZYJUSA3PpULW2Jlxp2k03IZWOljZT0tIwKujD3hOrhiElHonJmnqqhQ2vaqIMwB8MNNwt8pweJOy7TUyf72r45Tem6SOyB/vsWBzpImk6E9wZTBEHcLsOH/ZGMnhF7bo+M5zy2TFkcyymR8ooeoh7FbukBToaU5veL5Or/+Npv3PDSx1Om3YGP+K9AafzXYz+sKD6binAZou7bC68KdmI3czLFZw6NVuu+ErbNORyRL/ZSqDTuMJZTC2FDVC0QxJ3MlkDB5lSG805AcM7AbqwVMfBwdcrmBoUrhS6ow0Ke+GJSaUwr++CuWDin1OK1+6cg3KbgNxwzUagcOEYhzZy5tbA0Glm5o1DPOyZO8CgIQrVHqQ6QubLpWY1I/w0a2Ef/mozpHMwKw8Ru84FvDomY8Rfvkz0u1BSkvR4wW0WyIG/oLjwwsiA5mcpu0BuAd6R19a0KIqoIodf6JG0ei7338rRuD36iswby850m4smwaBGRBB/rP2n+9ojxZ7ZQiwbiSrs77tvzHQEAsy+TnkzSdtnjGYboTiBTxt58agFYJTHd0/VcpnH665Sf1v75JICW+N0ENJOWfblQLOB+1PJBh3fI021Yp4584ooLSrEuaNB/dx5uCENKAo7HzKoSjApEuvOQKrp4LrpsfpfYbyClOZ4jh/PVy0P7aRFAHV8zOvWxgUHQZTkqMG3XPRgKorec+NWwYQepusTy/Zm0AWF9+ohVyOGhl824PilMmNf0xbPBgVozKVvAAfdCaPUDzz54oAKSg2GbWic4JWlMk7gS9wN3CMr4; domain=ciam.credicorpcapitallab.com; path=/; SameSite=None; secure; HttpOnly |
| set-cookie | x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjM1Y2I0Y2JkLWIwNGQtNDdlMS04NTY5LTEzNjRlMGYwMWIzNiIsIlQiOiJsYWJjYXBpdGFsYjJjLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfdHJhbnNhY2Npb25hbF9zaWduaW4iLCJDIjoiZjYyNDFhNmMtZWFlNi00YTY4LWJkYzctNmYyZDczMTMzMTZhIiwiUyI6MSwiTSI6e30sIkQiOjAsIkUiOiIifV0sIkNfSUQiOiIzNWNiNGNiZC1iMDRkLTQ3ZTEtODU2OS0xMzY0ZTBmMDFiMzYifQ==; domain=ciam.credicorpcapitallab.com; path=/; SameSite=None; secure; HttpOnly |
| allow | OPTIONS |
| allow | TRACE |
| allow | GET |
| allow | HEAD |
| allow | POST |
| x-azure-ref | 20240502T124533Z-r1f495864dfrmdwg35gguyhuyn0000000mu00000000029pt |
| x-cache | CONFIG_NOCACHE |
| accept-ranges | bytes |
Upcoming Headers
| Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
|---|---|
| Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
| Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
| x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
|---|---|
| strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
| x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
| x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
| set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |