Security Report Summary
D
Site: | https://hubbalcao.b3.com.br/login/index.fcc?type=33554433&realmoid=06-00080afe-9346-10af-aa5d-29590a600000&guid=&smauthreason=0&method=get&smagentname=-sm-cuap4e0bm7gqaikf7ml2m7it82isd0ozkwsyw51k%2ftp2bkaib3autjaryohepdsx&target=-sm-https%3a%2f%2fhubbalcao%2eb3%2ecom%2ebr%2f | ||
---|---|---|---|
IP Address: | 177.54.222.94 | ||
Report Time: | 02 May 2024 15:21:57 UTC | ||
Headers: |
|
||
Advanced: |
|
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Status code indicates error | The status code of the response indicates an error. Not all headers may be set when the response is an error. |
---|
Raw Headers
HTTP/1.1 | 500 Internal Server Error |
---|---|
Date | Thu, 02 May 2024 15:21:57 GMT |
X-Frame-Options | SAMEORIGIN |
Server-Timing | dtSInfo;desc="0", dtRpid;desc="715668772" |
Set-Cookie | dtCookie=v_4_srv_27_sn_D98FAE38C3BCB43441ACDFC81DB3AFB1_perc_100000_ol_0_mul_1_app-3A1e10b50b1a26dcf5_1_rcs-3Acss_0; Path=/; Domain=.b3.com.br |
Content-Length | 8 |
Connection | close |
Content-Type | text/html; charset=iso-8859-1 |
Set-Cookie | BIGipServerpool_hubbalcao.b3.com.br_443=271671306.47873.0000; path=/; Httponly |
Set-Cookie | TS01871345=011d592ce1a781f641aff749e7663eb51e6dcf1a1ae4404a6616b7d2de214af41e63af5d9a360c77d4385e281d5162278f1efd8729; Path=/; HTTPOnly |
Set-Cookie | TS0134a800=011d592ce1a781f641aff749e7663eb51e6dcf1a1ae4404a6616b7d2de214af41e63af5d9a360c77d4385e281d5162278f1efd8729; path=/; domain=.b3.com.br; HTTPonly |
Set-Cookie | BIGipServerpool_hubbalcao.b3.com.br_443_WAF=1580798986.64288.0000; path=/; Httponly; Secure |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
---|---|
Strict-Transport-Security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |