Security Report Summary
Grade: D
Site: https://tiu.ru/redirect?url=http%3a%2f%2fjiimba.com
IP Address: 185.86.56.11
Report Time: 02 Jun 2020 18:49:19 UTC
Headers:
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • X-Frame-Options
  • Referrer-Policy
  • Feature-Policy
Raw Headers
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 02 Jun 2020 18:49:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 43517
Connection: keep-alive
cache-control: no-cache
pragma: no-cache
x-node-name: sheep
x-host-name: prom-ru-web-web-6459d5fff-f7m7x
set-cookie: ext_referer=aHR0cHM6Ly9zZWN1cml0eWhlYWRlcnMuY29tLw==; Domain=.tiu.ru; Path=/
set-cookie: cid=290898138530561411393286790364025430754; Domain=.tiu.ru; Max-Age=2592000; Path=/; expires=Thu, 02-Jul-2020 18:49:19 GMT
set-cookie: user_tracker=e8acfe4b3e27095523192bb96e821940a7aafcec|159.65.64.210|2020-06-02; Domain=.tiu.ru; Path=/
set-cookie: csrf_token=80a59584a18748c9ade1438932280709; Domain=.tiu.ru; Max-Age=31449600; Path=/; expires=Tue, 01-Jun-2021 18:49:19 GMT
link: </cloud-cgi/static/uaprom-static/css/main-hc9ecbc935b90d30efd6df72c3198491ae.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/css/portal_common-hc5956352b47c595e5b69fb63ce1a234a4.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/css/portal-hc5f0b380175f54fd258d7a55b7d8e609c.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/css/portal_cart-hc44b8716a11b22c18863a3a58b84c89e4.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_vendor_7bb01752c5478a671eb9.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_6d2fdb029d2225c33204.css>; rel=preload; as=style; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_runtime_d5a88b832ec190736e23.js>; rel=preload; as=script; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_vendor_old_7779e60db69cd953f929.js>; rel=preload; as=script; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_vendor_bfcf25bcd94e2438287e.js>; rel=preload; as=script; nopush, </cloud-cgi/static/uaprom-static/js/build/content-catalog/wp_catalog_96f2237d207f5ba81bec.js>; rel=preload; as=script; nopush
set-cookie: auth=796631f4ba6512ccbfe8a82939b306865c3dcb52; Domain=.tiu.ru; Max-Age=31536000; Path=/; expires=Wed, 02-Jun-2021 18:49:19 GMT; secure; HttpOnly
set-cookie: auth=796631f4ba6512ccbfe8a82939b306865c3dcb52; Domain=.tiu.ru; Max-Age=31536000; Path=/; expires=Wed, 02-Jun-2021 18:49:19 GMT; secure; HttpOnly; SameSite=None
set-cookie: unauth=887991e8edf146690a7026b555ed6cea0ec25ae1; Domain=.tiu.ru; Max-Age=31536000; Path=/; expires=Wed, 02-Jun-2021 18:49:19 GMT; secure; HttpOnly
set-cookie: unauth=887991e8edf146690a7026b555ed6cea0ec25ae1; Domain=.tiu.ru; Max-Age=31536000; Path=/; expires=Wed, 02-Jun-2021 18:49:19 GMT; secure; HttpOnly; SameSite=None
set-cookie: utmsrc=""; Domain=.tiu.ru; Max-Age=2592000; Path=/; Secure
set-cookie: utmcmpg=""; Domain=.tiu.ru; Max-Age=2592000; Path=/; Secure
x-envoy-upstream-service-time: 28
Strict-Transport-Security: max-age=31536000; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Missing Headers
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Feature-Policy: Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Upcoming Headers
Expect-CT: Expect-CT allows a site to determine if they are ready for the upcoming Chrome requirements and/or enforce their CT policy.
Additional Information
Server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
set-cookie: The 'httpOnly' flag is not set on this cookie. The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookie: There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookie: There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookie: There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
set-cookie: There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-XSS-Protection: X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.