Security Report Summary
C
Site: https://publicauth.nd.gov/6ad5bb30-924d-4733-88bb-45c24150030e/b2c_1a_ndlogin_signuporsignin/oauth2/v2.0/authorize?client_id=cc2bd3ce-0599-42c5-b819-a28e0acb4b13&redirect_uri=https%3a%2f%2fmfopcert.deq.nd.gov%2fdefault.aspx&response_type=id_token&scope=openid&state=openidconnect.authenticationproperties%3dz44gide6ihosuntteec-ypmcpvs2rlpacignprw-5nqnvoajadddylthequ6xg5nb3okzbu-xtwbgvqahjydkzxdszrsn2pvvawcqljdgvo_cl0p1uzyan2dq5bu2uueygjeq2gv5amw6p27jnfxb4bu-pono5ufpq9uuv_l9dsyx8xrubfmpi-iqdwl0rtm&response_mode=form_post&nonce=638496995517646015.ogfkyzg4zdmtotvmny00owe4lwjky2qtmmfknmrknwu0nzk2nwfiyti2yzktyjrlos00ywu4ltg5mzqtogezn2ewn2zjzdey&x-client-sku=id_net461&x-client-ver=5.6.0.0
IP Address: 2620:1ec:46::69
Report Time: 05 May 2024 10:58:40 UTC
Headers:
  • X-Frame-Options
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/2200
dateSun, 05 May 2024 10:58:40 GMT
content-typetext/html; charset=utf-8
content-length405315
cache-controlno-store, must-revalidate, no-cache
expires-1
x-ms-gateway-requestid0854ef44-404b-484b-9bc6-73b4a5fbd748
x-ua-compatibleIE=edge
x-request-id08a5b179-bd2a-4250-b035-3e6e279b782c
x-build1.1.148.0
x-frame-optionsDENY
publicOPTIONS,TRACE,GET,HEAD,POST
strict-transport-securitymax-age=31536000; includeSubDomains
x-content-type-optionsnosniff
x-xss-protection1; mode=block
set-cookiex-ms-cpim-sso:ndlogin.onmicrosoft.com_0=m1.ctT/R2W2qanhsF9E.BovPw58VK4JVYC9Oj2oVMQ==.0.j+xGzfbX/2M+ctsrosjSAtFRIECkKyNCdmod09ubBHJ2EPpGCCphrS1BtE2ggu6AA95jF3t96kQTJTyjx+U7iqbU5z25/qVKHR1cbHMlgJQ8IhwP1k+KrC+Kt9kmaFiRYqnGb9BaBJNxDGQkAeBhsg07yjiZWD5QuZj8Oz+3rBsyEKDZnLFOWViV7gBs0zaVTlP2IPoybcUm4WNb4PCIgGxjod3PTys/OE1s7n8FmiOR7RW+uS3E2GNJ6ee0yxuqsAJsxoogZWNaLaeug6w8BCJKVoXwDZ566O4f+eik5KTaL/6TL6YdWhrmgS81JKb0Dryn1K6Tquwh/MOdksdqrHBgRs7DCAA=; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-csrf=OU5GNW0rU1JTSG1Fd2g3akgwb2ZNSkczazVNNEJiMytobUhFVklINkxLWFgyajcvYmV0OHdCa2diWXZtUXpTcjNxdk9pNktNcStxZDVYNHlGZmpUWGc9PTsyMDI0LTA1LTA1VDEwOjU4OjQwLjU5NzkxOTJaOyt1dytYZVgvSXQrSHkxd1ZaVVNwM3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoyfQ==; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-cache|ebglccq9uekwnt5uj5t4la_0=m1.xpV2VmS9a6kyxmT/.BN3If7PtwCAi6IWNsmMY/w==.0.ue7G43Abu1I56nwSrCPJ1KNx+IMhYKpnBUvpRReVBO8MsLCzSqweg6OZw28ge3g3SI/TXoX1sQxOGQJHMqsavW3nbjx5C4k9lnySoH/OO24mJkeyuXSY8lxnLKLwPwdzZdAj1fQxWz1XvkRE6YTxYMBFepXjMoa0VStywcqRqDX+tNPymTqZU7pVHnJyTfROIC6ksn3WPRgqaN4tnOC1HOvaRvSU3herhXoIzKLllE+Y+EDEJvd+SWvd+jvkhsZbDtaDAxQFZ5M44o7XdnbJl5qj4hwKBP7y8beG924hwWz8tThq9m42B9HrNEMTj+UcPcaRW7MlMptT5oUO4bUy7+oGUC6f5WcmHka+2sJNXeV8iMOvJvuXYw84jrlhfe9acO8jVU2QFlPFsXV7o5U7zFo3dxdvFgE9p056OrFYftoIEAG4XAc0SxD1NyuY+vglYi7MlY8ObZe1MjgZVaSe/dBLXBCGE9oSuRU2Ay8kG9pU8CG6iphOHKnBpjU/0oBnTBuMbYIsWKl1PMV+r33WPotomEeM+xKguTmnBrGO17QboA62NhTIoUL++f8zBfVHpL2PJqdAtIWuPsjOd4Ey2+25/ymW2xRCMwYZGy7SsiUGI6NIb8llhd1zM+FClgAhvhb76CvfiIb5uqrbbEchySaRkYTEZjwl+DDpKuC9S8MMV/e47F7URW5JR4U6dQDGGBsD4YhIHOZiN0iqcbVfCrPDNHes61LmDSIGDb4Q2O7+gvafUJG4qUt68+P0VFqAws7BjqtrSi9Rh50rwolkJqrRWZMmGjqBcfoY/i7iXhUNx01P6ehexJprk0qZcHH4X7Rm/aBkLTfpCO3yTVVdPjdblDC8wTOJv+CHNRR0PDpzh8x4SgLMqOItIQutilaUarfxfknXrr8IqOvEFGdb+6MUcXKE2cY1p5NtO8mYEqepPvMtimIy8TCW4DcL2i86rIYjbBC1yI3tkZat4sLKS8FlGlqzCgIAC+96yJt6ZNjkCjTQoEhXdPRjenUe2hm6Y94VCWlob5k3LeDFjT1CfMuv3dzkTH62Cr9zJUhMbNZjQ/KmxzoB+WHVRUeK5j7bHBawZHjkCNntOaq3KNaVY32StwOZWxf5YoMsZSG/zDEkUrIZ5jySpSE=; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
set-cookiex-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjA4YTViMTc5LWJkMmEtNDI1MC1iMDM1LTNlNmUyNzliNzgyYyIsIlQiOiJuZGxvZ2luLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfbmRsb2dpbl9zaWdudXBvcnNpZ25pbiIsIkMiOiJjYzJiZDNjZS0wNTk5LTQyYzUtYjgxOS1hMjhlMGFjYjRiMTMiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjA4YTViMTc5LWJkMmEtNDI1MC1iMDM1LTNlNmUyNzliNzgyYyJ9; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly
allowOPTIONS
allowTRACE
allowGET
allowHEAD
allowPOST
x-azure-ref20240505T105840Z-15dfcfb9c9cp8tdfkmq5t6aqr000000003tg0000000016ak
x-cacheCONFIG_NOCACHE
accept-rangesbytes
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
x-frame-optionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
strict-transport-securityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
x-content-type-optionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
x-xss-protectionX-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookieThere is no Cookie Prefix on this cookie. This is not a SameSite Cookie.