Security Report Summary
C
Site: | https://publicauth.nd.gov/6ad5bb30-924d-4733-88bb-45c24150030e/b2c_1a_ndlogin_signuporsignin/oauth2/v2.0/authorize?client_id=cc2bd3ce-0599-42c5-b819-a28e0acb4b13&redirect_uri=https%3a%2f%2fmfopcert.deq.nd.gov%2fdefault.aspx&response_type=id_token&scope=openid&state=openidconnect.authenticationproperties%3dexipr_u368kpksfhyfh2v4snne7luqmsefblc7lhzh3egoqxzfmvkds7075mdtgukj-1pf8p0ckwlrca3ygudxgc0cqvksxzolucrla8dit3ywscq_h4qwyhhsmfccj00l47zcij7rtve-98mrfcwjq5s3lozycyqy7f_mlvhmzstxnr7pfolbuhlepy7tjp&response_mode=form_post&nonce=638496885402407887.mgi5mwi1mgytyznjmc00zjvhltg0ngmtzme0ytfjnteznzfly2rhzdjlmzetyjzlns00zdjlltlknjyty2jkntcwzjk4ndhh&x-client-sku=id_net461&x-client-ver=5.6.0.0 | ||
---|---|---|---|
IP Address: | 2620:1ec:46::69 | ||
Report Time: | 05 May 2024 19:27:20 UTC | ||
Headers: |
|
||
Advanced: |
|
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/2 | 200 |
---|---|
date | Sun, 05 May 2024 19:27:20 GMT |
content-type | text/html; charset=utf-8 |
content-length | 405315 |
cache-control | no-store, must-revalidate, no-cache |
expires | -1 |
x-ms-gateway-requestid | 1096f1f0-dac9-4561-992f-b58b8dc2c85e |
x-ua-compatible | IE=edge |
x-request-id | 59aa58ec-f020-4067-a6ee-dfe3a56df640 |
x-build | 1.1.144.0 |
x-frame-options | DENY |
public | OPTIONS,TRACE,GET,HEAD,POST |
strict-transport-security | max-age=31536000; includeSubDomains |
x-content-type-options | nosniff |
x-xss-protection | 1; mode=block |
set-cookie | x-ms-cpim-sso:ndlogin.onmicrosoft.com_0=m1.f2H9WiJiqVJmpwLA.fuUfr032t6QUvtaLDsRLag==.0.P0xLtSYh4Bxf8JmcsOwmx74FR19CJmZv2VXqyOX/Ue1F6VkpA+tcdIS1/oGi5s314gaKfSRSOVijBiF/cu8FHKM6f2INaC5mBjZEI5PuDOh5qlqeTzxj/8WMucwnZ5YVjLKmVXpQIw018Lwm9DWnMzL6b38yIulntYZTJQDgtbpjtnXceMo8r7YOQbobsBvUG9L0/+wFgaGe1r6RZRYn9p7YSI4PcXi96BqlWte/yf3RODikyx7652ppGcrPmu743cPdK6UIovICjki5com0SgYRBTexDzCZui7U1DNCEMhB05/J2j+19pK+ctsUswn7zQGlhw+UEnVhp62NvVxLwZnSShgz; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-csrf=TW1JQndYRGZhZXNUaEF4S2VHZnpEZkFDNU8xQ3JCa3VGSmc0dnVCTEIxdU1US2FKSCtnK1FPTHY0WDkvZFJwZnFQSG1qVXJGMFBDbjEzYUxMMjdXNkE9PTsyMDI0LTA1LTA1VDE5OjI3OjIwLjIyNTYzNzNaO0hNYituTlovOUtidklOWmxoYWlUUUE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoyfQ==; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-cache|7fiqwsdwz0cm7t_jpw32qa_0=m1.bLYHRObxNRLh6l+J.8eSL/A0jQYFgzez951j/Cg==.0.aoCwmfFYAbTDgKJ5spE21QY4KImj3Gt+pelIcEo2fOifa6IYtj+/a5aXfzJlwFodpEoxfUAu77uT//T/wgrVM8KgSLuYb1EBNjcRFHwVLQD+Ckc5H0lvB1ME24+t7eXsAyrx4DSFqesfWfenzfLHTPXpWjMR1nI3+gEFISk4WcZhx+vjk3EwmpbKwTkrM9BLtvQexWOkVcrdJ7ZXnk3PCpkrhYtj8jAb/4jvN9EkVNJ/EJ4t6PaVbuHKaKBHu5GlcOKzP8FrVOXolaGuxZ94/KeYdRkoeYKcVnYsKoqPSzTTIi/teVzag36JJiA39w2JhnAEqYi/O3Untkqzx0BpD8WWWvIXenr6ZUYrvQfpqcXLSBlJ0a8Q0AkDVmtUnpchuPp9ff3c0vkH/CNVXsQ7wnDWbfNSv8uim0FqjjItHonnr0KytYZFB8L+UV3BSQKjUpclRMkZWCkRUy/yg6rmArwBSOvdahL1U9r6y/ff1ljHbtG+Ajx02tZ02pT+oP8GARRWkaXs39yiKz6R33WbfBAMXLL9Ar6NaLForOcCd0h7C6cZuS/rsW6bDuhaxrsNzyjxA8TinvubgywDX3Rr6NNXWhkX5GoWtg9gMW+pZCcG6btCExrPd68RohbD8y/qCxeErTjdnsN0Y8zNsSvzBM1N2gC6Xq78ocULym6utjcyBFIG3zVXK4r1kACqmistWgmmheJDPzDQlXqlk82IpRu5UI7V8J35NBhN8iKaBfgM6NEHcbijofiA/p+FnEaOw/8qbB1EjqrpAtZVOnVe52dD8JATHkf84GW216InMzk6OgeF1tOrr+a+XSojd7F5oE7BzYvXw2Gljhl81SyfqHTdL18QGD8HZqDNEAi8IgTFAWMcogR/4ZZwN56d4tmYfeSv4mToE2k64s1V2dmMkrC3kRKNu3EUaO5I2N4ii1sJU864gVyb1Ekqu7DZKs1bvF6okXcbTBEwh7oWg/0YP25vN4BsF0bpJaNelELjVK5vqzGL3R4HJI7ox0V97zloELVb71Do/KiSd6tXm5LHs2LTs8UzU9b0bhnvQ6HZO0uDkANyssr9FW9Pg0tseQrfkCvAQLohEK+AQINu195HQmVX/IJM5XmNszacWyV7JJsH; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU5YWE1OGVjLWYwMjAtNDA2Ny1hNmVlLWRmZTNhNTZkZjY0MCIsIlQiOiJuZGxvZ2luLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfbmRsb2dpbl9zaWdudXBvcnNpZ25pbiIsIkMiOiJjYzJiZDNjZS0wNTk5LTQyYzUtYjgxOS1hMjhlMGFjYjRiMTMiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjU5YWE1OGVjLWYwMjAtNDA2Ny1hNmVlLWRmZTNhNTZkZjY0MCJ9; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
allow | OPTIONS |
allow | TRACE |
allow | GET |
allow | HEAD |
allow | POST |
x-azure-ref | 20240505T192719Z-15dfcfb9c9c9r59x8axzdk31zn000000042g000000008akt |
x-cache | CONFIG_NOCACHE |
accept-ranges | bytes |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
---|---|
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |