Security Report Summary
C
Site: https://www.banco-solidario.com/
IP Address: 167.86.61.204
Report Time: 11 Oct 2024 11:26:27 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Content-Security-Policy
  • Referrer-Policy
  • Permissions-Policy
  • Strict-Transport-Security
Warning: Grade capped at A, please see warnings below.
Advanced:
Not bad… Maybe you should perform a deeper security analysis of your website and APIs:
Missing Headers
Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
Strict-Transport-SecurityThere was a duplicate Strict-Transport-Security header.
Content-Security-PolicyThis policy contains 'unsafe-inline' which is dangerous in the script-src directive.
X-Content-Type-OptionsThere was a duplicate X-Content-Type-Options header.
Raw Headers
HTTP/1.1200 OK
Content-Typetext/html; charset=UTF-8
Transfer-Encodingchunked
Connectionkeep-alive
Set-Cookie__uzma=1db4334e-5729-481f-80d7-a03823f07a57; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmb=1728645986; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzme=1791; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmc=726741083571; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmd=1728645986; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie__uzmf=7f6000dbf94033-6ca4-4501-8d43-43ae7560768917286459869790-bdda1ac0bd4780c910; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookieuzmx=7f9000e92b6e93-24b1-4d68-a637-fdca8f38d4a51-17286459869790-ecc7c5f9fa993cfc10; Domain=.banco-solidario.com; HttpOnly; path=/; Expires=Fri, 11-Apr-25 11:26:26 GMT ; Max-Age=15724800; SameSite=Lax
DateFri, 11 Oct 2024 11:26:29 GMT
Cache-Controlmax-age=3600, public
X-Drupal-Dynamic-CacheHIT
Content-languagees
X-Content-Type-Optionsnosniff
X-Frame-OptionsSAMEORIGIN
X-Drupal-Cache-Tagsblock_content:1 block_content:222 block_content:289 block_content_view block_view config:block.block.bancaporinternet config:block.block.bloquedetextosimple config:block.block.breadcrumbs config:block.block.creditos config:block.block.cuentas config:block.block.homesocial config:block.block.inversiones config:block.block.menumovil config:block.block.menusuperior config:block.block.publicaciones config:block.block.solidario_account_menu config:block.block.solidario_branding config:block.block.solidario_content config:block.block.solidario_footer config:block.block.solidario_help config:block.block.solidario_local_actions config:block.block.solidario_local_tasks config:block.block.solidario_main_menu config:block.block.solidario_messages config:block.block.solidario_page_title config:block.block.solidario_powered config:block.block.solidario_tools config:block.block.tarjetasalia config:block.block.tarjetasaliaaplicaahoraaplicancondiciones config:block.block.varios config:block_list config:filter.format.full_html config:google_tag.container.primary config:google_tag_container_list config:system.menu.cuentas config:system.menu.footer-creditos config:system.menu.footer-publicaciones config:system.menu.footer-tarjetas-alia config:system.menu.footer-varios config:system.menu.inversiones config:system.menu.main config:system.menu.menu-movil config:system.menu.menu-superior config:user.role.anonymous config:views.view.home_enlaces_inferiores cookiebot:cbid cookiebot:iab_enabled http_response local_task node:932 node:933 node:934 node:935 node:936 node:937 node:938 node:939 node:940 page_manager_route_name:page_manager.page_view_home_home-panels_variant-0 rendered user:0
X-Drupal-Cache-Contextslanguages:language_interface route theme url.path url.query_args:_wrapper_format url.site user.permissions user.roles
X-Drupal-Cache-Max-Age-1 (Permanent)
ExpiresSun, 19 Nov 1978 05:00:00 GMT
VaryCookie
X-GeneratorDrupal 10 (https://www.drupal.org)
Content-Security-Policydefault-src 'self';; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.googleadservices.com https://consent.cookiebot.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://static.hotjar.com https://cdn.agentbot.net https://js.hs-scripts.com https://www.clarity.ms https://consent.cookiebot.com/uc.js https://connect.facebook.net/en_US/fbevents.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-518885.js https://cdn.agentbot.net/core/6bafd53811d9960640c8c2f1fd716e81.js https://js.hs-scripts.com/3308863.js https://analytics.tiktok.com/i18n/pixel/events.js https://www.clarity.ms/tag/dqsu9heq01 https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.10.3/sweetalert2.min.js https://cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.3/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js;; object-src 'none';; style-src 'self' 'unsafe-inline' https://www.banco-solidario.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.10.3/sweetalert2.min.css https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js;; img-src 'self' data: https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ec https://t.co https://analytics.twitter.com https://imgsct.cookiebot.com https://c.clarity.ms https://px.ads.linkedin.com/collect https://aivo-assets.s3.amazonaws.com https://forms.hsforms.com https://track.hubspot.com https://c.bing.com https://www.banco-solidario.com;; media-src https://agentcore.s3.amazonaws.com;; frame-src 'self' https://virtual-solidario.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://11234583.fls.doubleclick.net https://www.youtube.com https://www.banco-solidario.com;; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;; connect-src 'self' https://virtual-solidario.com https://x.clarity.ms https://px.ads.linkedin.com https://analytics.tiktok.com https://analytics.google.com https://adapter.aivo.co;; report-uri /report-csp-violation
Strict-Transport-Securitymax-age=1000; includeSubDomains
X-Drupal-CacheHIT
Upgradeh2
X-Robots-Tagindex, follow
Strict-Transport-Securitymax-age=63072000; includeSubDomains; preload
X-Content-Type-Optionsnosniff
X-XSS-Protection1; mode=block
Content-Encodinggzip
Upcoming Headers
Cross-Origin-Embedder-PolicyCross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-PolicyCross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-PolicyCross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
X-Content-Type-OptionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. Analyse this policy in more detail. You can sign up for a free account on Report URI to collect reports about problems on your site.
Strict-Transport-SecurityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
Strict-Transport-SecurityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
X-Content-Type-OptionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
X-XSS-ProtectionX-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead.