Security Report Summary
Grade: D
Site: https://sztaki.hun-ren.hu/
IP Address: 195.111.1.80
Report Time: 03 May 2024 00:18:17 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Missing Headers
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Raw Headers
HTTP/1.1 200 OK
Date: Fri, 03 May 2024 00:18:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: UNCACHEABLE
X-UA-Compatible: IE=edge
Content-language: hu
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Drupal-Cache-Tags: block_content:44 block_content:45 block_content:46 block_content:47 block_content:48 block_content:49 block_content:50 block_content:51 block_content:52 block_content:53 block_content:55 block_content_view block_view config:block.block.celcsoport config:block.block.felfedetturlapsztaki_searchpublic config:block.block.h2020 config:block.block.press config:block.block.szechenyifloatingblock config:block.block.szechenyiplusblock config:block.block.szechenyiplustopblock config:block.block.sztaki_related_news config:block.block.sztakimenu_sztakimain config:block.block.sztakitheme_account_menu config:block.block.sztakitheme_branding config:block.block.sztakitheme_breadcrumbs config:block.block.sztakitheme_content config:block.block.sztakitheme_help config:block.block.sztakitheme_languageswitcher config:block.block.sztakitheme_local_actions config:block.block.sztakitheme_local_tasks config:block.block.sztakitheme_main_menu config:block.block.sztakitheme_messages config:block.block.sztakitheme_page_title config:block.block.sztakitheme_sztakigeneral config:block.block.sztakitheme_tools config:block.block.sztakitheme_views_block__sztaki_news_suggestions_block_1 config:block.block.tartalomtipus config:block.block.tools config:block_list config:color.theme.sztakitheme config:configurable_language_list config:cookie_category_list config:eu_cookie_compliance.settings config:field.storage.node.field_event_date config:field.storage.node.field_images config:field.storage.node.field_logo config:filter.format.basic_html config:filter.format.full_html config:google_analytics.settings config:image.style.max_650x650 config:system.menu.sztaki-main config:system.menu.sztaki_sztaki-main config:system.site config:user.role.anonymous config:views.view.sztaki_frontpage_news config:views.view.sztaki_frontpage_projects config:views.view.sztaki_frontpage_services config:views.view.sztaki_frontpage_sticky_event file:33560 file:33565 file:33566 file:33567 file:340049 file:340053 file:340054 file:340057 file:340058 file:340059 file:340060 file:340062 file:340066 file:36204 file:36209 file:36211 file:36431 file:65912 http_response local_task node:1 node:101532 node:101533 node:101534 node:101536 node:101537 node:101540 node:101541 node:101543 node:101544 node:2 node:27504 node:27506 node:27535 node:27536 node:27542 node:27545 node:27546 node:29431 node:3 node:33350 node:33351 node:34332 node:34339 node:34340 node:34341 node:377 node:37766 node:37768 node:37781 node:4 node:41928 node:41943 node:41960 node:42056 node:42070 node:42075 node:42077 node:42085 node:42181 node:45102 node:46996 node:50772 node:52623 node_list node_view rendered search_api_autocomplete_search_list:views:sztaki_search taxonomy_term:43 taxonomy_term:49 taxonomy_term:50 taxonomy_term:51 user:0
X-Drupal-Cache-Contexts: languages:language_content languages:language_interface languages:language_url route theme url user
X-Drupal-Cache-Max-Age: 0 (Uncacheable)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Generator: Drupal 9 (https://www.drupal.org)
X-Drupal-Cache: HIT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.