Security Report Summary
D
Site: | https://mobile.santander.com.br/ |
---|---|
IP Address: | 2.19.176.146 |
Report Time: | 17 Feb 2025 17:19:59 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN". |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Response is not HTML | The content-type of the response does not indicate HTML. Not all headers, and therefore the score, may be appropriate. |
---|---|
Status code indicates error | The status code of the response indicates an error. Not all headers may be set when the response is an error. |
Raw Headers
HTTP/2 | 404 |
---|---|
content-type | text/plain; charset=utf-8 |
content-length | 21 |
strict-transport-security | max-age=15724800; includeSubDomains |
expires | Mon, 17 Feb 2025 17:19:59 GMT |
cache-control | max-age=0, no-cache, no-store |
pragma | no-cache |
date | Mon, 17 Feb 2025 17:19:59 GMT |
server-timing | cdn-cache; desc=MISS |
server-timing | edge; dur=242 |
server-timing | origin; dur=11 |
alt-svc | h3=":443"; ma=93600 |
set-cookie | akaalb_mobile_santander=~op=mobile_santander:DC_AWS_C|~rv=79~m=DC_AWS_C:0|~os=fd5947ee9a407982a7a47e86d479733d~id=74c6cde908c8098c519020c3400437b1; path=/; HttpOnly; Secure; SameSite=None |
set-cookie | _abck=05DB173BCE414EF3ED8F91A5F9337FA0~-1~YAAQjrATAo3NR+KUAQAAMoXsFA2XdhcdiDaIW7XS8QPHTgkbJi6GPoVy32jevFETtLIJdqfICpqtJqSVlAPHR5R9tOKN/20lrKH8A7oMNCncPdCvG+FN0IQWFTI1YxBTZT66WLxoXfroOoDxzNqZM9AKBh4O+VK49JsRHSZaxdlyAhQc3IrVFxUqfqAnlxNX5fTWCgKeQHg8+SxWpVV1PyVKHwAXtxcSD+pqYEPhUjgNqYL+Vv5mMBFTgveEpng6YPZQo0Ib/EhQQlu3Tr56o++G6b0gsRnELXD9tekNRXboptpzy6N99mS2RrmHE9xzkFsy31eu3Aa8uZ4zXJrMEqEA0nL1cYvB8PvJgs6Ul9QzTQvKTIvAuoZdvHQtYB8C0tLhLdB2Xel3uWQ4tDQ9QN4APKUxIbm7H9uawiEIRiX2XeQ=~-1~-1~-1; Domain=.santander.com.br; Path=/; Expires=Tue, 17 Feb 2026 17:19:59 GMT; Max-Age=31536000; SameSite=None; Secure |
set-cookie | ak_bmsc=B8B3AA276012CB2EB9D1A1FFE5A16E84~000000000000000000000000000000~YAAQjrATAo7NR+KUAQAAMoXsFBqULeAw2Wg+TgyWqsdnU1+KwYi+Pzw6VDMsrSKIBUt+NPdiNoGe9Im1LKWjEU3ovop0f7HRAgIZ2GA09fgvDXCS+EGkBDPWgpNx/GLCY48tePImsH3mn1cxGSAgD2g7ho0bZ68+08XNM/gCt/k5NuJjEGpjvMFKw8X3iWsVvEPN2GKGHjMWL475DZEhEh6K9SLS7qfZZJ9Vd97u8lk0Xwxkmn/Uj+6RM/NgQlzgeUv2y2xmqbkk4lZhyWY8lEtr4XySRo+zKn2NiCZZleFh0a9lSXh/tndcahXuUwsk7LA0EOHJwwSyJdaVS82b3K9AB1jbnaNCHKf6roc/J5ck7ftuGFr0SFTb35plesw+RZUNjZKb5wdKBv5rGfufDzY=; Domain=.santander.com.br; Path=/; Expires=Mon, 17 Feb 2025 19:19:59 GMT; Max-Age=7200; SameSite=None; Secure |
set-cookie | bm_sz=952C3130BC6AF8F2836B6C9D323D6777~YAAQjrATAo/NR+KUAQAAMoXsFBqKzggCjVsHbSsiuTAJV10APlV1MSoI0i+S/0ydGopi1J15qV7t0zpLMSCb96OFRThAtiywCzWJn3B8bwc2VAcK0rF4VT4gZuWivJZqu1MhJRKQhKIAYEgVvnxdleC/bOu7VF+qVJzSH44DgbdWnz4Qam/ribUEGVkP5aeVoKN+Ri+tu+dLKpVY2jkiIb1AdzUYTer8Kebz7xbUKSCByoCkWhPFiGMrt/FkY0pdVO0j39hdeeUIuRtqt7U5Nq36o1ofXNzw0Qll9RHEwWRehK7pwUpt9j1PNv0I+gIqMo4loqOjetzrr8Aop0Hx88nZ1KGYG5gjFm+ggPhlT3HZJz0ywa0vqvyLE3bD5DVl0jstFtVSI72N841c61u5nRfsTv+9~3748931~3159344; Domain=.santander.com.br; Path=/; Expires=Mon, 17 Feb 2025 21:19:59 GMT; Max-Age=14400; SameSite=None; Secure |
server-timing | ak_p; desc="1739812799441_34844814_2350100987_25223_94406_0_3_15";dur=1 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
---|---|