Scan results for https://www.cepal.org/

Security Report Summary

Site:

https://www.cepal.org/

IP Address:

199.232.26.133

Report Time:

10 Jun 2026 03:39:56 UTC

Headers:

X-Content-Type-Options
X-Frame-Options
Content-Security-Policy
Permissions-Policy
Referrer-Policy
Strict-Transport-Security

Warning:

Grade capped at A, please see warnings below.

Advanced:

Great grade! Perform a deeper security analysis of your website and APIs:

Warnings

Content-Security-Policy	This policy contains 'unsafe-inline' which is dangerous in the script-src directive.
Permissions-Policy	We detected an invalid directive, " ch-ua". We detected an invalid directive, " ch-ua-arch". We detected an invalid directive, " ch-ua-bitness". We detected an invalid directive, " ch-ua-full-version". We detected an invalid directive, " ch-ua-full-version-list". We detected an invalid directive, " ch-ua-mobile". We detected an invalid directive, " ch-ua-model". We detected an invalid directive, " ch-ua-platform". We detected an invalid directive, " ch-ua-platform-version". We detected an invalid directive, " ch-ua-wow64".

Content-Security-Policy

This policy contains 'unsafe-inline' which is dangerous in the script-src directive.

Permissions-Policy

We detected an invalid directive, " ch-ua". We detected an invalid directive, " ch-ua-arch". We detected an invalid directive, " ch-ua-bitness". We detected an invalid directive, " ch-ua-full-version". We detected an invalid directive, " ch-ua-full-version-list". We detected an invalid directive, " ch-ua-mobile". We detected an invalid directive, " ch-ua-model". We detected an invalid directive, " ch-ua-platform". We detected an invalid directive, " ch-ua-platform-version". We detected an invalid directive, " ch-ua-wow64".

Raw Headers

HTTP/2	200
content-type	text/html; charset=UTF-8
content-language	es
x-content-type-options	nosniff
x-frame-options	SAMEORIGIN
expires	Sun, 19 Nov 1978 05:00:00 GMT
last-modified	Wed, 10 Jun 2026 02:42:27 GMT
etag	W/"1781059347"
content-security-policy	default-src 'none'; connect-src 'self' https://.cepal.org http://.cepal.org https://.google-analytics.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://embedr.flickr.com https://.googleapis.com http://cdnjs.cloudflare.com/ajax/libs/tagify/ https://.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://.cepal.org https://fonts.gstatic.com https://styles.cepal.org data:; frame-src* 'self' https://.cepal.org https://www.googletagmanager.com https://.youtube.com https://youtube.com https://player.vimeo.com https://maps.google.com https://public.tableau.com https://online.fliphtml5.com https://e.issuu.com https://view.genially.com/; img-src 'self' data: https://.cepal.org https://fonts.gstatic.com https://.google-analytics.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.staticflickr.com http://.staticflickr.com https://public.tableau.com https://www.google-analytics.com https://www.googletagmanager.com; media-src* 'self' https://.cepal.org; script-src* 'self' 'report-sample' 'unsafe-inline' https://.googletagmanager.com https://.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com eclacstrap.ddev.site https://cdnjs.cloudflare.com styles.cepal.org; script-src-attr 'self' 'report-sample' 'unsafe-inline'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://.cepal.org https://www.googletagmanager.com https://www.google-analytics.com https://embedr.flickr.com http://embedr.flickr.com https://widgets.flickr.com https://public.tableau.com https://.googleapis.com https://.clarity.ms cdn.jsdelivr.net cdnjs.cloudflare.com eclacstrap.ddev.site https://cdnjs.cloudflare.com styles.cepal.org; style-src* 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com eclacstrap.ddev.site https://cdnjs.cloudflare.com styles.cepal.org; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' https://.cepal.org https://.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com eclacstrap.ddev.site https://cdnjs.cloudflare.com styles.cepal.org; worker-src 'self'; base-uri 'self'; form-action 'self' https://.exlibrisgroup.com/; frame-ancestors* 'self' https://.cepal.org; report-uri* https://www.cepal.org/es/log-report-uri/enforce; block-all-mixed-content
permissions-policy	accelerometer=(), autoplay=self, bluetooth=(), camera=(), ch-ua=(), ch-ua-arch=(), ch-ua-bitness=(), ch-ua-full-version=(), ch-ua-full-version-list=(), ch-ua-mobile=(), ch-ua-model=(), ch-ua-platform=(), ch-ua-platform-version=(), ch-ua-wow64=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=self, geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
purge-cache-tags	config:block_list config:block.block.eclacstrap_cepal_secondary_local_tasks config:block.block.eclacstrap_cepal_primary_local_tasks config:block.block.eclacstrap_cepal_primary_admin_actions config:block.block.eclacstrap_cepal_config_pages_2 config:block.block.eclacstrap_cepal_config_pages config:block.block.eclacstrap_cepal_socialmedia_2 config:configurable_language_list config:block.block.eclacstrap_cepal_languageswitcher config:block.block.eclacstrap_cepal_site_branding config:block.block.eclacstrap_cepal_menuprincipal config:block.block.eclacstrap_cepal_page_title config:block.block.eclacstrap_cepal_content config:block.block.eclacstrap_cepal__configpages__home_htmlcustom config:block.block.eclacstrap_cepal_messages config:block.block.eclacstrap_cepal_breadcrumbs config:block.block.eclacstrap_cepal_footermenusitemap config:block.block.eclacstrap_cepal_preheaderexternallinks config:block.block.eclacstrap_cepal_socialmedia config:block.block.eclacstrap_cepal_facet_topic config:block.block.eclacstrap_cepal_facet_subtopic config:block.block.eclacstrap_cepal_facet_subsidiarybody config:block.block.eclacstrap_cepal_facet_date config:block.block.eclacstrap_cepal_facet_contenttype config:block.block.eclacstrap_cepal__configpages__globalalert config:google_tag_container_list config:google_tag.container.G-SPMBKHZPHZ.67a8d5792f9893.70315668 user:0 block_view config_pages:6 config_pages_view config:system.menu.menu-footer-sitemap node:44516 node:57342 node:64961 node:69711 node:44514 node:61270 node:56327 node:64958 node:31506 node:29232 node:31505 node:64962 node:44512 node:56324 taxonomy_term:8280 node:44499 node:29319 node:30008 node:66212 config:system.menu.social-media config_pages:8 config:filter.format.raw_html config:page_manager.page.home config_pages_list:home_htmlcustom config_pages:18 config_pages:1 paragraph_view paragraph:7019 config:paragraphs.settings config:views.view.observatories taxonomy_term_list config:field.storage.taxonomy_term.field_image config:field.storage.taxonomy_term.field_redirect taxonomy_term:9037 media:1604 config:image.style.max_325x325 taxonomy_term:9048 media:1149 taxonomy_term:9042 media:1609 taxonomy_term:8299 media:26 taxonomy_term:8387 media:31 taxonomy_term:9041 media:39 taxonomy_term:8303 media:27 taxonomy_term:8458 media:22 taxonomy_term:8182 taxonomy_term:8497 media:35 taxonomy_term:8298 media:2115 taxonomy_term:8189 media:23 taxonomy_term:8388 media:32 taxonomy_term:8495 media:28 taxonomy_term:8496 media:34 taxonomy_term:8172 media:1030 taxonomy_term:9039 media:1606 taxonomy_term:8367 media:24 taxonomy_term:9047 media:2114 taxonomy_term:9038 media:1605 taxonomy_term:9044 media:1611 config_pages:16 paragraph:14993 node:86366 node:86003 node:82172 node:82176 node:72463 node:70237 splide:39df978fa23.6 node_view user:39596 paragraph:14930 config:views.view.activities node_list node:72384 node:82689 node:72306 node:86683 node:86404 node:71891 config:field.storage.node.field_course_image config:field.storage.node.field_course_method config:field.storage.node.field_course_type config:field.storage.node.field_event_date config:field.storage.node.field_event_type splide:df38267096c.6 user:311 user:36992 CACHE_MISS_IF_UNCACHEABLE_HTTP_METHOD:form paragraph:7015 node:86191 node:86790 node:86762 node:86190 node:86189 node:82644 node:86632 node:86360 splide:fba94d96372.8 user:38916 user:39500 user:39556 user:39603 local_task config:system.menu.main config:tb_megamenu.menu_config.main__eclacstrap_cepal config:system.menu.preheader-external-links config:system.site config_pages_list:global_alert rendered page_manager_route_name:page_manager.page_view_home_home-block_display-1 http_response config:user.role.anonymous config:csp.settings library_info config:permissionspolicy.settings
referrer-policy	strict-origin-when-cross-origin
content-security-policy	frame-ancestors *.cepal.org
content-encoding	gzip
x-forwarded-for	34.251.233.90, 157.52.119.52, 10.0.40.71
accept-ranges	bytes
age	2349
date	Wed, 10 Jun 2026 03:39:56 GMT
x-served-by	cache-dub4380-DUB
x-cache	HIT
x-cache-hits	0
x-timer	S1781062797.948653,VS0,VE1
vary	, Origin, Accept-Encoding
cache-control	no-store, no-cache, must-revalidate, max-age=0
strict-transport-security	max-age=31557600
alt-svc	h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length	29296

Upcoming Headers

Cross-Origin-Embedder-Policy	Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy	Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy	Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.

Additional Information

x-content-type-options	X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
x-frame-options	X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
content-security-policy	Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. Analyse this policy in more detail. You can sign up for a free account on Report URI to collect reports about problems on your site.
permissions-policy	Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
referrer-policy	Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
content-security-policy	Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. Analyse this policy in more detail. You can sign up for a free account on Report URI to collect reports about problems on your site.
strict-transport-security	HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.