Security Report Summary
C
Site: https://publicauth.nd.gov/6ad5bb30-924d-4733-88bb-45c24150030e/b2c_1a_ndlogin_signuporsignin/oauth2/v2.0/authorize?client_id=cc2bd3ce-0599-42c5-b819-a28e0acb4b13&redirect_uri=https%3a%2f%2fmfopcert.deq.nd.gov%2fdefault.aspx&response_type=id_token&scope=openid&state=openidconnect.authenticationproperties%3dexipr_u368kpksfhyfh2v4snne7luqmsefblc7lhzh3egoqxzfmvkds7075mdtgukj-1pf8p0ckwlrca3ygudxgc0cqvksxzolucrla8dit3ywscq_h4qwyhhsmfccj00l47zcij7rtve-98mrfcwjq5s3lozycyqy7f_mlvhmzstxnr7pfolbuhlepy7tjp&response_mode=form_post&nonce=638496885402407887.mgi5mwi1mgytyznjmc00zjvhltg0ngmtzme0ytfjnteznzfly2rhzdjlmzetyjzlns00zdjlltlknjyty2jkntcwzjk4ndhh&x-client-sku=id_net461&x-client-ver=5.6.0.0
IP Address: 2620:1ec:46::69
Report Time: 05 May 2024 19:27:20 UTC
Headers:
  • X-Frame-Options
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/2200
dateSun, 05 May 2024 19:27:20 GMT
content-typetext/html; charset=utf-8
content-length405315
cache-controlno-store, must-revalidate, no-cache
expires-1
x-ms-gateway-requestid1096f1f0-dac9-4561-992f-b58b8dc2c85e
x-ua-compatibleIE=edge
x-request-id59aa58ec-f020-4067-a6ee-dfe3a56df640
x-build1.1.144.0
x-frame-optionsDENY
publicOPTIONS,TRACE,GET,HEAD,POST
strict-transport-securitymax-age=31536000; includeSubDomains
x-content-type-optionsnosniff
x-xss-protection1; mode=block
set-cookiex-ms-cpim-sso:ndlogin.onmicrosoft.com_0=m1.f2H9WiJiqVJmpwLA.fuUfr032t6QUvtaLDsRLag==.0.P0xLtSYh4Bxf8JmcsOwmx74FR19CJmZv2VXqyOX/Ue1F6VkpA+tcdIS1/oGi5s314gaKfSRSOVijBiF/cu8FHKM6f2INaC5mBjZEI5PuDOh5qlqeTzxj/8WMucwnZ5YVjLKmVXpQIw018Lwm9DWnMzL6b38yIulntYZTJQDgtbpjtnXceMo8r7YOQbobsBvUG9L0/+wFgaGe1r6RZRYn9p7YSI4PcXi96BqlWte/yf3RODikyx7652ppGcrPmu743cPdK6UIovICjki5com0SgYRBTexDzCZui7U1DNCEMhB05/J2j+19pK+ctsUswn7zQGlhw+UEnVhp62NvVxLwZnSShgz; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-csrf=TW1JQndYRGZhZXNUaEF4S2VHZnpEZkFDNU8xQ3JCa3VGSmc0dnVCTEIxdU1US2FKSCtnK1FPTHY0WDkvZFJwZnFQSG1qVXJGMFBDbjEzYUxMMjdXNkE9PTsyMDI0LTA1LTA1VDE5OjI3OjIwLjIyNTYzNzNaO0hNYituTlovOUtidklOWmxoYWlUUUE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoyfQ==; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-cache|7fiqwsdwz0cm7t_jpw32qa_0=m1.bLYHRObxNRLh6l+J.8eSL/A0jQYFgzez951j/Cg==.0.aoCwmfFYAbTDgKJ5spE21QY4KImj3Gt+pelIcEo2fOifa6IYtj+/a5aXfzJlwFodpEoxfUAu77uT//T/wgrVM8KgSLuYb1EBNjcRFHwVLQD+Ckc5H0lvB1ME24+t7eXsAyrx4DSFqesfWfenzfLHTPXpWjMR1nI3+gEFISk4WcZhx+vjk3EwmpbKwTkrM9BLtvQexWOkVcrdJ7ZXnk3PCpkrhYtj8jAb/4jvN9EkVNJ/EJ4t6PaVbuHKaKBHu5GlcOKzP8FrVOXolaGuxZ94/KeYdRkoeYKcVnYsKoqPSzTTIi/teVzag36JJiA39w2JhnAEqYi/O3Untkqzx0BpD8WWWvIXenr6ZUYrvQfpqcXLSBlJ0a8Q0AkDVmtUnpchuPp9ff3c0vkH/CNVXsQ7wnDWbfNSv8uim0FqjjItHonnr0KytYZFB8L+UV3BSQKjUpclRMkZWCkRUy/yg6rmArwBSOvdahL1U9r6y/ff1ljHbtG+Ajx02tZ02pT+oP8GARRWkaXs39yiKz6R33WbfBAMXLL9Ar6NaLForOcCd0h7C6cZuS/rsW6bDuhaxrsNzyjxA8TinvubgywDX3Rr6NNXWhkX5GoWtg9gMW+pZCcG6btCExrPd68RohbD8y/qCxeErTjdnsN0Y8zNsSvzBM1N2gC6Xq78ocULym6utjcyBFIG3zVXK4r1kACqmistWgmmheJDPzDQlXqlk82IpRu5UI7V8J35NBhN8iKaBfgM6NEHcbijofiA/p+FnEaOw/8qbB1EjqrpAtZVOnVe52dD8JATHkf84GW216InMzk6OgeF1tOrr+a+XSojd7F5oE7BzYvXw2Gljhl81SyfqHTdL18QGD8HZqDNEAi8IgTFAWMcogR/4ZZwN56d4tmYfeSv4mToE2k64s1V2dmMkrC3kRKNu3EUaO5I2N4ii1sJU864gVyb1Ekqu7DZKs1bvF6okXcbTBEwh7oWg/0YP25vN4BsF0bpJaNelELjVK5vqzGL3R4HJI7ox0V97zloELVb71Do/KiSd6tXm5LHs2LTs8UzU9b0bhnvQ6HZO0uDkANyssr9FW9Pg0tseQrfkCvAQLohEK+AQINu195HQmVX/IJM5XmNszacWyV7JJsH; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU5YWE1OGVjLWYwMjAtNDA2Ny1hNmVlLWRmZTNhNTZkZjY0MCIsIlQiOiJuZGxvZ2luLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfbmRsb2dpbl9zaWdudXBvcnNpZ25pbiIsIkMiOiJjYzJiZDNjZS0wNTk5LTQyYzUtYjgxOS1hMjhlMGFjYjRiMTMiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjU5YWE1OGVjLWYwMjAtNDA2Ny1hNmVlLWRmZTNhNTZkZjY0MCJ9; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
allowOPTIONS
allowTRACE
allowGET
allowHEAD
allowPOST
x-azure-ref20240505T192719Z-15dfcfb9c9c9r59x8axzdk31zn000000042g000000008akt
x-cacheCONFIG_NOCACHE
accept-rangesbytes
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
x-frame-optionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
strict-transport-securityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
x-content-type-optionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
x-xss-protectionX-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.