Security Report Summary
D
Site: | https://www.cathaycargo.com/en-us/home.html |
---|---|
IP Address: | 2.19.176.195 |
Report Time: | 17 Jan 2025 01:56:13 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/2 | 200 |
---|---|
content-type | text/html;charset=utf-8 |
server | Apache |
cache-control | max-age=86400 |
last-modified | Tue, 14 Jan 2025 09:56:47 GMT |
accept-ranges | bytes |
edge-cache-tag | CathayCargo_P0_/en-us,CathayCargo_P0_/en-us/home,CathayCargo_P0_/en-us/home.html,CathayCargo_P0_ALL_AEM |
x-akamai-transformed | 9 2992 0 pmb=mTOE,3mRUM,2 |
content-encoding | gzip |
date | Fri, 17 Jan 2025 01:56:13 GMT |
content-length | 4952 |
vary | Accept-Encoding |
server-timing | cdn-cache; desc=MISS |
server-timing | edge; dur=1341 |
server-timing | origin; dur=6 |
x-log-country | IE |
x-xss-protection | 1; mode=block |
x-frame-options | SAMEORIGIN |
strict-transport-security | max-age=15768000 |
set-cookie | _abck=831A4DD672473A94FD54B0EEF3B043F7~-1~YAAQxLATAiCRiHGUAQAAbqP5cQ2dQPKv9PE+OeAqDH8Q+sgZ33rHtW5c56OqsyXqk28iSH8x7mr/y6oy6usf4YKQySfHNfP79z0gXyAcUVgi0k2M4xhOScLCcky2GKe8Vifo4nFRaVRbRaSINRFhtTr0zKXsvp/sBu1AJPXzre+qkz+xRYK55l96bRAP7II0HOTxkTrP9iWt2ZOrkO6fblu5UIOilCqyxWOyz56CXsinTXZEgnwKhqM/sgoGkILxMgJUYHt7US4bfyav+xgk7zu8kI4Dt+/parJ+vmZ1xiGs4iTuSy1rhA8lDOCn8yWwGCURfZ2+MLw0/sMV/fLWA8zgTT+9GvA1SD2gZYeAHO9GXm7dMdW5weJr0O4l6/CIl7F5XfmPh5b7+fGuBAj4bxQlEdd/+R/ciZBT9ARLToKRVQ==~-1~-1~-1; Domain=.cathaycargo.com; Path=/; Expires=Sat, 17 Jan 2026 01:56:13 GMT; Max-Age=31536000; SameSite=None; Secure |
set-cookie | ak_bmsc=D92D54F2E9B0BF318CFFB448C66806B4~000000000000000000000000000000~YAAQxLATAiGRiHGUAQAAbqP5cRqqwGbBvXY9ZBSP+oTduOCOWLXMqCxzUnRKjN81blFHOHDngerKX6S7VokPy1Qos1YvA8kShOfCW/3o8YAB/2y1R8T7oI2oFCQ0Jk2rfWnYJzkJ7mPEsnccKAmOFre15S+ur52YumrsXZlLwfCEeyLvqO5tUThJaJN0pcClKOkQ+CArbwBoGqTomsk75C05RiTU3nUhGU6pgTPU8aV0mXZrj1GyUyDXN9MOjnRJ7x55qwlhs6edKwIzTQuGudYKNhIfTU/RPmkw6yBDllfH3qLRmButYeJzgqpTxQTKdBrMkYUOiBcBLeDeQ3PsyaJ15P4dVnOyu0Oe5Cc8WmfqfQrHaX4vKoOT3qkJ7onDdK1IZf4RCwwMKgPoIwPnPg==; Domain=.cathaycargo.com; Path=/; Expires=Fri, 17 Jan 2025 03:56:11 GMT; Max-Age=7198; SameSite=None; Secure |
set-cookie | bm_mi=13175E87DE84454D8139CD0CCA2652B9~YAAQxLATAiKRiHGUAQAAbqP5cRq8TnWc0FuHnYHt+gJoXOjc/NnIo761lmYi9LaMKCmz+goBymktDhEkbKgtE3vsnYP52QWPxrqfie9faR2jk7pWLAjwPICqtB/2SkjAeo38MO2b1J9G/37awBsi5vM7Uj2x+/Z2eTtGRPQ9yh+MBn5H+8SAUUUSv6OEk3hTGc9hqC58gRfGT/Pm73yB0G5q5m13LyJiLzdAoxTl8jIrjY3+p3ZkNNYy759U6E/JeRYYOyBhINXfylTS4BHoattRdLSHZFrKb8CNPLyZ9BQ6aPA+6TZtGsToMPycJh6TozU6lQwxb0EnGoSXPrS46iw=~1; Domain=.cathaycargo.com; Path=/; Expires=Fri, 17 Jan 2025 01:56:13 GMT; Max-Age=0; SameSite=None; Secure |
set-cookie | bm_sz=150AF4C61F3A45152DFD44DCC6D3B248~YAAQxLATAiORiHGUAQAAbqP5cRrlWzdRPcFRa+IKJREhnGP4l0e/BAohOdmYcCHFzF9Kd1t5twpIzzS0LDLZMxclZYUL8GWnCsg52TE1KMG9X6e/5HBaYxRZCvjq39HKpUTg8P3AHsmV9KHTeU9yUY9gMAG6yWFzw1gyl61IisbFnrjyQ0tb5rMIujBtGaC6c+YEhn2sNJB42Wec+WyI5TiNwf/xszCSjlqTST/v5wL46DmTzIIeHM6skMfrrS8mBVSepyBVEzZO51MbRqxz8eR2wglKG2Q8WiBY3oWM27uHsibY25P+GE4bexqFsT2OraxHIX0w6z+1lsl/hRtXTbn82tB1LupeaRAh/HH0sVdJad/16Hu6GaKEeyfw2JUi4a2RUIr83QT+6C3vnWhfn9labrA=~4539718~4474420; Domain=.cathaycargo.com; Path=/; Expires=Fri, 17 Jan 2025 05:56:11 GMT; Max-Age=14398; SameSite=None; Secure |
server-timing | ak_p; desc="1737078971843_34844868_1282142416_134424_77506_1_24_15";dur=1 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
---|---|
x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |