Security Report Summary
D
Site: | https://vizr.ru/ |
---|---|
IP Address: | 185.221.152.120 |
Report Time: | 25 Apr 2024 15:24:31 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Frame-Options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN". |
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/1.1 | 200 OK |
---|---|
Server | nginx/1.14.1 |
Date | Thu, 25 Apr 2024 15:24:31 GMT |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Powered-By | PHP/5.4.16 |
Set-Cookie | ci_session=[value omitted]; expires=Sat, 25-Apr-2026 15:24:30 GMT; path=/ |
Set-Cookie | ci_session=[value omitted]; expires=Sat, 25-Apr-2026 15:24:30 GMT; path=/ |
Set-Cookie | ci_session=[value omitted]; expires=Sat, 25-Apr-2026 15:24:30 GMT; path=/ |
Cache-Control | max-age=0 |
Expires | Thu, 25 Apr 2024 15:24:30 GMT |
Strict-Transport-Security | max-age=31536000; |
Content-Encoding | gzip |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
Server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
---|---|
X-Powered-By | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
Set-Cookie | The 'httpOnly' flag is not set on this cookie. The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
Strict-Transport-Security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |