Security Report Summary
C
Site: | https://publicauth.nd.gov/6ad5bb30-924d-4733-88bb-45c24150030e/b2c_1a_ndlogin_signuporsignin/oauth2/v2.0/authorize?client_id=cc2bd3ce-0599-42c5-b819-a28e0acb4b13&redirect_uri=https%3a%2f%2fmfopcert.deq.nd.gov%2fdefault.aspx&response_type=id_token&scope=openid&state=openidconnect.authenticationproperties%3dz44gide6ihosuntteec-ypmcpvs2rlpacignprw-5nqnvoajadddylthequ6xg5nb3okzbu-xtwbgvqahjydkzxdszrsn2pvvawcqljdgvo_cl0p1uzyan2dq5bu2uueygjeq2gv5amw6p27jnfxb4bu-pono5ufpq9uuv_l9dsyx8xrubfmpi-iqdwl0rtm&response_mode=form_post&nonce=638496995517646015.ogfkyzg4zdmtotvmny00owe4lwjky2qtmmfknmrknwu0nzk2nwfiyti2yzktyjrlos00ywu4ltg5mzqtogezn2ewn2zjzdey&x-client-sku=id_net461&x-client-ver=5.6.0.0 | ||
---|---|---|---|
IP Address: | 2620:1ec:46::69 | ||
Report Time: | 05 May 2024 10:58:40 UTC | ||
Headers: |
|
||
Advanced: |
|
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/2 | 200 |
---|---|
date | Sun, 05 May 2024 10:58:40 GMT |
content-type | text/html; charset=utf-8 |
content-length | 405315 |
cache-control | no-store, must-revalidate, no-cache |
expires | -1 |
x-ms-gateway-requestid | 0854ef44-404b-484b-9bc6-73b4a5fbd748 |
x-ua-compatible | IE=edge |
x-request-id | 08a5b179-bd2a-4250-b035-3e6e279b782c |
x-build | 1.1.148.0 |
x-frame-options | DENY |
public | OPTIONS,TRACE,GET,HEAD,POST |
strict-transport-security | max-age=31536000; includeSubDomains |
x-content-type-options | nosniff |
x-xss-protection | 1; mode=block |
set-cookie | x-ms-cpim-sso:ndlogin.onmicrosoft.com_0=m1.ctT/R2W2qanhsF9E.BovPw58VK4JVYC9Oj2oVMQ==.0.j+xGzfbX/2M+ctsrosjSAtFRIECkKyNCdmod09ubBHJ2EPpGCCphrS1BtE2ggu6AA95jF3t96kQTJTyjx+U7iqbU5z25/qVKHR1cbHMlgJQ8IhwP1k+KrC+Kt9kmaFiRYqnGb9BaBJNxDGQkAeBhsg07yjiZWD5QuZj8Oz+3rBsyEKDZnLFOWViV7gBs0zaVTlP2IPoybcUm4WNb4PCIgGxjod3PTys/OE1s7n8FmiOR7RW+uS3E2GNJ6ee0yxuqsAJsxoogZWNaLaeug6w8BCJKVoXwDZ566O4f+eik5KTaL/6TL6YdWhrmgS81JKb0Dryn1K6Tquwh/MOdksdqrHBgRs7DCAA=; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-csrf=OU5GNW0rU1JTSG1Fd2g3akgwb2ZNSkczazVNNEJiMytobUhFVklINkxLWFgyajcvYmV0OHdCa2diWXZtUXpTcjNxdk9pNktNcStxZDVYNHlGZmpUWGc9PTsyMDI0LTA1LTA1VDEwOjU4OjQwLjU5NzkxOTJaOyt1dytYZVgvSXQrSHkxd1ZaVVNwM3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoyfQ==; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-cache|ebglccq9uekwnt5uj5t4la_0=m1.xpV2VmS9a6kyxmT/.BN3If7PtwCAi6IWNsmMY/w==.0.ue7G43Abu1I56nwSrCPJ1KNx+IMhYKpnBUvpRReVBO8MsLCzSqweg6OZw28ge3g3SI/TXoX1sQxOGQJHMqsavW3nbjx5C4k9lnySoH/OO24mJkeyuXSY8lxnLKLwPwdzZdAj1fQxWz1XvkRE6YTxYMBFepXjMoa0VStywcqRqDX+tNPymTqZU7pVHnJyTfROIC6ksn3WPRgqaN4tnOC1HOvaRvSU3herhXoIzKLllE+Y+EDEJvd+SWvd+jvkhsZbDtaDAxQFZ5M44o7XdnbJl5qj4hwKBP7y8beG924hwWz8tThq9m42B9HrNEMTj+UcPcaRW7MlMptT5oUO4bUy7+oGUC6f5WcmHka+2sJNXeV8iMOvJvuXYw84jrlhfe9acO8jVU2QFlPFsXV7o5U7zFo3dxdvFgE9p056OrFYftoIEAG4XAc0SxD1NyuY+vglYi7MlY8ObZe1MjgZVaSe/dBLXBCGE9oSuRU2Ay8kG9pU8CG6iphOHKnBpjU/0oBnTBuMbYIsWKl1PMV+r33WPotomEeM+xKguTmnBrGO17QboA62NhTIoUL++f8zBfVHpL2PJqdAtIWuPsjOd4Ey2+25/ymW2xRCMwYZGy7SsiUGI6NIb8llhd1zM+FClgAhvhb76CvfiIb5uqrbbEchySaRkYTEZjwl+DDpKuC9S8MMV/e47F7URW5JR4U6dQDGGBsD4YhIHOZiN0iqcbVfCrPDNHes61LmDSIGDb4Q2O7+gvafUJG4qUt68+P0VFqAws7BjqtrSi9Rh50rwolkJqrRWZMmGjqBcfoY/i7iXhUNx01P6ehexJprk0qZcHH4X7Rm/aBkLTfpCO3yTVVdPjdblDC8wTOJv+CHNRR0PDpzh8x4SgLMqOItIQutilaUarfxfknXrr8IqOvEFGdb+6MUcXKE2cY1p5NtO8mYEqepPvMtimIy8TCW4DcL2i86rIYjbBC1yI3tkZat4sLKS8FlGlqzCgIAC+96yJt6ZNjkCjTQoEhXdPRjenUe2hm6Y94VCWlob5k3LeDFjT1CfMuv3dzkTH62Cr9zJUhMbNZjQ/KmxzoB+WHVRUeK5j7bHBawZHjkCNntOaq3KNaVY32StwOZWxf5YoMsZSG/zDEkUrIZ5jySpSE=; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
set-cookie | x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjA4YTViMTc5LWJkMmEtNDI1MC1iMDM1LTNlNmUyNzliNzgyYyIsIlQiOiJuZGxvZ2luLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfbmRsb2dpbl9zaWdudXBvcnNpZ25pbiIsIkMiOiJjYzJiZDNjZS0wNTk5LTQyYzUtYjgxOS1hMjhlMGFjYjRiMTMiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjA4YTViMTc5LWJkMmEtNDI1MC1iMDM1LTNlNmUyNzliNzgyYyJ9; domain=publicauth.nd.gov; path=/; SameSite=None; secure; HttpOnly |
allow | OPTIONS |
allow | TRACE |
allow | GET |
allow | HEAD |
allow | POST |
x-azure-ref | 20240505T105840Z-15dfcfb9c9cp8tdfkmq5t6aqr000000003tg0000000016ak |
x-cache | CONFIG_NOCACHE |
accept-ranges | bytes |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
---|---|
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |