Security Report Summary
Grade: D
Site: https://webkamerton.ru/
IP Address: 95.216.32.172
Report Time: 21 Jan 2022 05:11:22 UTC
Headers:
  • X-Content-Type-Options
  • Content-Security-Policy
  • Strict-Transport-Security
  • X-Frame-Options
  • Referrer-Policy
  • Permissions-Policy
Warning: Grade capped at A, please see warnings below.
Raw Headers
HTTP/2 200
server: nginx/1.16.0
date: Fri, 21 Jan 2022 05:05:46 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
x-powered-by: PHP/7.4.16
cache-control: must-revalidate, no-cache, private
x-drupal-dynamic-cache: HIT
link: <https://webkamerton.ru/>; rel="shortlink", <https://webkamerton.ru/>; rel="canonical"
x-ua-compatible: IE=edge
content-language: ru
x-content-type-options: nosniff
x-drupal-cache-contexts: languages:language_content languages:language_interface route theme timezone url.path url.query_args:_wrapper_format user
expires: -1
vary:
x-generator: Drupal 8 (https://www.drupal.org)
content-security-policy:
x-drupal-cache: HIT
pragma: no-cache
Missing Headers
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
X-Content-Type-Options: There was a duplicate X-Content-Type-Options header.
Content-Security-Policy: No valid directives found in policy.
Upcoming Headers
Expect-CT: Expect-CT allows a site to determine if they are ready for the upcoming Chrome requirements and/or enforce their CT policy.
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
server: This Server header seems to advertise the software being run on the server but you can remove or change this value.
x-content-type-options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
x-powered-by: X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed.
content-security-policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.