Security Report Summary
Grade: D
Site: https://www.aau.edu.jo/ar
IP Address: 167.172.165.59
Report Time: 05 May 2024 05:32:30 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Strict-Transport-Security
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
Missing Headers
Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
Content-Security-Policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Referrer-Policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
X-Content-Type-Options: There was a duplicate X-Content-Type-Options header.
Raw Headers
HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:32:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.2.34
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: MISS
Link: <https://www.aau.edu.jo/ar>; rel="shortlink", <https://www.aau.edu.jo/ar>; rel="canonical"
X-UA-Compatible: IE=edge
Content-language: ar
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Drupal-Cache-Tags: block_content:5 block_content:6 block_content:9 block_content_view block_view config:block.block.aboutaau config:block.block.academicdevelopmentqualityassurancecenter config:block.block.administrationentrepreneurshipandcommunityinitiativescenter config:block.block.administrativeaccreditation_department config:block.block.administrativecomputer_information_center config:block.block.administrativeconsulting_training_center config:block.block.administrativedeanship_scientific_research_graduate_studies config:block.block.administrativedeanshipofstudentaffairs config:block.block.administrativeelearningcenter config:block.block.administrativeengineering_general_services_department config:block.block.administrativefinancial_affairs_department config:block.block.administrativehumanresourcesdepartment config:block.block.administrativeinternationalbureauandexternalrelations config:block.block.administrativelanguages_translation_center config:block.block.administrativelibraryactivities config:block.block.administrativemediaandpublicrelationsdepartment config:block.block.administrativemedicalcenter config:block.block.administrativenewadministrativeunit config:block.block.administrativequalityassurancedepartment config:block.block.administrativesupplies_and_tenders_department config:block.block.basesass_content config:block.block.basesass_help config:block.block.basesass_local_actions config:block.block.basesass_local_tasks config:block.block.basesass_messages config:block.block.basesass_page_title config:block.block.calendarsmenu config:block.block.contactus config:block.block.copyright config:block.block.datascienceartificialintelligence config:block.block.dynamicheaderbottom config:block.block.dynamicheadertop config:block.block.exposedformsearch_apipage_1 config:block.block.exposedformsearch_apipage_1_2 config:block.block.footerleft config:block.block.footerright config:block.block.headerimageblock config:block.block.hecars 
config:block.block.languageswitcher_2 config:block.block.leftacademics config:block.block.leftacademicscomputer_science config:block.block.leftacademicsengineering config:block.block.leftacademicsfacultyartssciences config:block.block.leftacademicsfacultybusiness config:block.block.leftacademicsfacultyeducationalpsychologicalsciences config:block.block.leftacademicsfacultyofaviationsciences config:block.block.leftacademicsfacultysharia config:block.block.leftacademicslaw config:block.block.leftacademicspharmacy config:block.block.leftadmission_2 config:block.block.leftnewsannouncmentsetc config:block.block.mainnavigation config:block.block.pagetitle config:block.block.pagetitle_2 config:block.block.quicklinks config:block.block.quicklinks2 config:block.block.quicklinks3 config:block.block.quicklinks4 config:block.block.quicklinks4_2 config:block.block.relationsandsocialresponsibility config:block.block.simplenewssubscription config:block.block.sitebranding config:block.block.slogan config:block.block.socialmedia config:block.block.socialmedia_2 config:block.block.sustainabledevelopment config:block.block.topmenu config:block.block.views_block__about_aau_block_1 config:block.block.views_block__announcements_block_1 config:block.block.views_block__dynamic_header__block_1 config:block.block.views_block__faculty_logo_block_1 config:block.block.views_block__faculty_logo_block_10 config:block.block.views_block__faculty_logo_block_11 config:block.block.views_block__faculty_logo_block_12 config:block.block.views_block__faculty_logo_block_13 config:block.block.views_block__faculty_logo_block_14 config:block.block.views_block__faculty_logo_block_15 config:block.block.views_block__faculty_logo_block_16 config:block.block.views_block__faculty_logo_block_17 config:block.block.views_block__faculty_logo_block_19 config:block.block.views_block__faculty_logo_block_2 config:block.block.views_block__faculty_logo_block_3 config:block.block.views_block__faculty_logo_block_4 
config:block.block.views_block__faculty_logo_block_5 config:block.block.views_block__faculty_logo_block_6 config:block.block.views_block__faculty_logo_block_7 config:block.block.views_block__faculty_logo_block_8 config:block.block.views_block__faculty_logo_block_9 config:block.block.views_block__featured_stories_block_1 config:block.block.views_block__front_links_block_1 config:block.block.views_block__header_image_block_1 config:block.block.views_block__header_image_block_2 config:block.block.views_block__key_facts_block_1 config:block.block.views_block__latest_news_block_2 config:block.block.views_block__latest_news_block_2_2 config:block.block.views_block__media_gallery2_block_1 config:block.block.views_block__media_gallery2_block_1_2 config:block.block.views_block__media_gallery_block_1 config:block.block.views_block__media_gallery_block_1_2 config:block.block.views_block__news_inner_side_block_1 config:block.block.views_block__news_inner_side_block_2 config:block.block.views_block__news_inner_side_block_3 config:block.block.views_block__news_inner_side_block_4 config:block.block.views_block__news_inner_side_block_5 config:block.block.views_block__news_inner_side_block_6 config:block.block.views_block__news_inner_side_block_7 config:block.block.views_block__news_inner_side_block_8 config:block.block.views_block__news_inner_side_block_9 config:block.block.views_block__popup_block_1 config:block.block.views_block__student_announcements_block_1 config:block.block.views_block__student_announcements_block_1_2 config:block.block.webform config:block.block.webform_11 config:block.block.webform_12 config:block.block.webform_13 config:block.block.webform_14 config:block.block.webform_15 config:block.block.webform_16 config:block.block.webform_17 config:block.block.webform_18 config:block.block.webform_19 config:block.block.webform_2 config:block.block.webform_20 config:block.block.webform_21 config:block.block.webform_22 config:block.block.webform_23 
config:block.block.webform_24 config:block.block.webform_25 config:block.block.webform_26 config:block.block.webform_27 config:block.block.webform_28 config:block.block.webform_3 config:block.block.webform_4 config:block.block.webform_5 config:block.block.webform_6 config:block.block.webform_7 config:block.block.webform_8 config:block.block.webform_9 config:block_list config:color.theme.basesass config:configurable_language_list config:custom_header_image.header_image.default_header_image config:field.storage.node.body config:field.storage.node.field_1st_text config:field.storage.node.field_2nd_text config:field.storage.node.field_animation_type config:field.storage.node.field_date config:field.storage.node.field_font_icon config:field.storage.node.field_image config:field.storage.node.field_images config:field.storage.node.field_link config:field.storage.node.field_number config:field.storage.node.field_video config:filter.format.basic_html config:filter.format.full_html config:image.style.dynamic_header_1400x535 config:image.style.front_links config:image.style.media_gallery1 config:image.style.media_gallery2 config:simple_popup_blocks.popup_popup_home config:system.menu.footer config:system.menu.main config:system.menu.quick-links-2 config:system.menu.quick-links-3 config:system.menu.quick-links-4 config:system.menu.social-media config:system.menu.top-menu config:system.site config:user.role.anonymous config:views.view.dynamic_header_ config:views.view.featured_stories config:views.view.front_links config:views.view.key_facts config:views.view.latest_news config:views.view.media_gallery config:views.view.media_gallery2 config:views.view.popup file:22874 file:31966 file:33426 file:33481 file:33485 file:33486 file:33487 file:33489 file:33491 file:33494 file:33496 file:33497 file:33498 file:33500 file:34862 file:36421 file:37017 file:37058 file:37144 file:37190 file:37244 file:39702 file:39706 file:40436 file:40437 file:40495 file:40499 file:40522 file:40524 
file:40528 file:40539 http_response node:1 node:10 node:101 node:11 node:1127 node:1155 node:12 node:1473 node:1574 node:1603 node:1673 node:169 node:170 node:171 node:172 node:175 node:177 node:178 node:1795 node:1803 node:1945 node:20 node:202 node:203 node:21 node:213 node:2143 node:2144 node:2145 node:2146 node:2147 node:2148 node:2149 node:2167 node:2261 node:248 node:256 node:264 node:273 node:290 node:299 node:30 node:300 node:32 node:33 node:3371 node:34 node:3444 node:3455 node:3470 node:36 node:37 node:3760 node:38 node:3889 node:3893 node:39 node:3904 node:3922 node:4061 node:4085 node:4104 node:4170 node:4424 node:4501 node:4524 node:4554 node:4556 node:4565 node:458 node:4585 node:459 node:4610 node:471 node:475 node:476 node:478 node:480 node:481 node:497 node:501 node:5028 node:508 node:5208 node:535 node:5367 node:542 node:550 node:5563 node:5565 node:559 node:567 node:572 node:576 node:585 node:616 node:6225 node:6265 node:6267 node:6360 node:638 node:6389 node:640 node:6404 node:6405 node:6406 node:6407 node:6409 node:6410 node:649 node:714 node:88 node_list rendered slick:slick-views-dynamic-header-block-1-1.0 slick:slick-views-dynamic-header-block-1-1.14
X-Drupal-Cache-Contexts: languages route theme timezone url.path url.query_args:_wrapper_format user.node_grants:view user.permissions
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary:
X-Generator: Drupal 8 (https://www.drupal.org)
Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-Content-Security-Policy-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-WebKit-CSP-Report-Only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation
X-Drupal-Cache: HIT
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
Server: This Server header seems to advertise the software being run on the server, but you can remove or change this value.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Powered-By: X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed.
X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Content-Security-Policy-Report-Only: Content Security Policy Report Only is used to test a Content Security Policy before making it live. The browser will report on actions that would have been taken based on the policy, rather than enforcing it.