Security Report Summary
C
Site: https://loginunico.b2clogin.com/tfp/loginunico.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?p=b2c_1a_signup_signin&response_type=id_token&client_id=af81bfa8-decf-4cdf-bb1a-e95d24adf569&redirect_uri=https://edigital.rodobens.com.br/auth/index&response_mode=form_post&scope=openid&empresa=rodobens
IP Address: 2603:1036:3000:f8::1
Report Time: 05 May 2024 06:02:00 UTC
Headers:
  • X-Frame-Options
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/1.1200 OK
Cache-Controlno-store, must-revalidate, no-cache
Content-Typetext/html; charset=utf-8
Content-Encodinggzip
Expires-1
VaryAccept-Encoding
x-ms-gateway-requestid7f4142d2-604f-46b5-a8b9-891961561354
X-UA-CompatibleIE=edge
X-Request-ID67d2fac0-c0ad-4f11-a1cc-b8198078196a
X-Build1.1.148.0
X-Frame-OptionsDENY
PublicOPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Securitymax-age=31536000; includeSubDomains
X-Content-Type-Optionsnosniff
X-XSS-Protection1; mode=block
Set-Cookiex-ms-cpim-csrf=KzRsNnJwR2VOSDV3bFlsKyt1cEk2REtoVjV6NmhWVHRZZ2Q5cjkxbDJpckUyR0JVTThpK2RBL3lqY1B1UWZ3ODBucEdvMDBtYkFtMnhaR3BJVW5vV0E9PTsyMDI0LTA1LTA1VDA2OjAyOjAwLjgxNzIwNjlaO25rdnRhVXBQU2dtQ1lFb1FoVmZ0UlE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; domain=loginunico.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
Set-Cookiex-ms-cpim-cache|wprsz63aeu-hzlgzghgzag_0=m1.mTgX0tx4aDOpyGcb.wHgrcfmRPDuQnK9geGL5AQ==.0.FmlEKcts2g2heyo5i5bC5bl0Htr/1nND1udcGSC29mSDtzwmSceUE9zVf3SfZqBNgSXEfWD+ZsUJ17hUo63s2BJIFHX5cN5zFRApgHNBLDyD/WIWKxrrUyJh4vyRYJnhItXWS4V1i3rrt9kKcShbVNCAZP8VkeJO9/ZwM1oSVL2CzFOz9z4S0i/wl7u7ndHSnL66hSqMp3e/uQz/ld39T7Y1lbOOgSR4JmvxPbAIQOyCOMFRGCQhvfNjIkPHRMmvwfn4kEPT4bbpi3H0vtsKHAokU3i7ypP5taJ8Lz1Y+fo6hUcThDKF4xB1tSZTwOkj+Zt4nCaZvBYEFkCf58LM/5NFyP5PopKkTIYTAlUrc57IEEa8A3Mr5Z0rQaVwGnmqEzm/+Tkc3LZBRLnxALNrkhy3lC5g/Lmg0g2eHAfjSV4rnMNNtRnCDOW+8KyoJ+rcYpA2Km5sMtOslxqGypVjUXR7m8ZTPyY8N5n1Ogm3qWZVpycjjWZGOLexcDCaW29D2wQpP59lQU573GAH0jPcw5QZ9tDtuFkFuQDUFrNtneiGMaY0QdPpdiMYbgLfIvnhhuOXXk6Vy995UW2limADow62EBtyMGfjn2R2ng7MLz0BnPo99FICkqYoIobl77CsmlXmNYM2YUhckyxSDo6+6pocPvHML0YsO74X46vNHs6jYV+snazZ090r0gg=; domain=loginunico.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
Set-Cookiex-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjY3ZDJmYWMwLWMwYWQtNGYxMS1hMWNjLWI4MTk4MDc4MTk2YSIsIlQiOiJsb2dpbnVuaWNvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiJhZjgxYmZhOC1kZWNmLTRjZGYtYmIxYS1lOTVkMjRhZGY1NjkiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjY3ZDJmYWMwLWMwYWQtNGYxMS1hMWNjLWI4MTk4MDc4MTk2YSJ9; domain=loginunico.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
AllowOPTIONS
AllowTRACE
AllowGET
AllowHEAD
AllowPOST
DateSun, 05 May 2024 06:02:00 GMT
Content-Length61740
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Strict-Transport-SecurityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
X-Content-Type-OptionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-XSS-ProtectionX-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
Set-CookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
Set-CookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
Set-CookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.