Security Report Summary
Grade: A
Site: https://www.domen.rs/
IP Address: 2a00:e90:1000:1800::77
Report Time: 01 May 2024 15:35:39 UTC
Headers:
  • X-Content-Type-Options
  • X-Frame-Options
  • Permissions-Policy
  • Referrer-Policy
  • Content-Security-Policy
  • Strict-Transport-Security
Warning: Grade capped at A, please see warnings below.
Warnings
Content-Security-Policy: This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive. Because the policy sets no script-src (nor style-src, connect-src or frame-src), every fetch directive falls back to default-src, so these two keywords allow injected inline scripts and eval() to run and leave the policy with almost no protection against XSS; the same broad host list (which also lists licensebuttons.net and *.doubleclick.net twice) governs every resource type. Adding a script-src with nonces or hashes and dropping both keywords would restore the protection, and the existing report-uri endpoint /report-csp-violation can be used to trial a replacement policy in Content-Security-Policy-Report-Only mode first.
Strict-Transport-Security: There was a duplicate Strict-Transport-Security header. The two copies differ: the first carries includeSubDomains, the second (sent after the Varnish headers) is max-age only with a trailing semicolon. RFC 6797 requires a user agent to process only the first HSTS header field it receives, so the includeSubDomains policy is the one in effect today, but the duplicate shows that two layers (the Via header places Varnish in front of nginx) are each setting the header; remove one of them so the effective policy cannot change silently if the order does.
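The two warnings above can be reproduced with a small audit script. This is an added example for this report, not code from securityheaders.com or from domen.rs; the sample response is constructed from the Raw Headers section with the CSP source list shortened, and all function names are my own. It keeps every occurrence of a header rather than collapsing duplicates the way a plain dict would, resolves which CSP directive actually governs script execution before looking for 'unsafe-inline' and 'unsafe-eval', and applies the rule that browsers ignore 'unsafe-inline' once a nonce or hash source is present.

```python
"""Audit a raw HTTP response for duplicate headers and a weak CSP.

Added example for this report, not code from securityheaders.com or the
site under test. The sample response is constructed from the report's
raw headers (CSP source list shortened); helper names are assumptions.
"""
from collections import defaultdict

# Keywords that, in the directive governing scripts, largely cancel the
# XSS protection a CSP is meant to provide.
DANGEROUS_SCRIPT_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")

# Constructed sample: two HSTS headers, and a CSP with no script-src so
# default-src governs script execution.
SAMPLE_RESPONSE = (
    "HTTP/2 200\r\n"
    "server: nginx\r\n"
    "content-type: text/html; charset=UTF-8\r\n"
    "x-content-type-options: nosniff\r\n"
    "x-frame-options: SAMEORIGIN\r\n"
    "content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' "
    "*.google.com *.gstatic.com; report-uri /report-csp-violation\r\n"
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "via: 1.1 varnish (Varnish/6.0)\r\n"
    "strict-transport-security: max-age=31536000;\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return {lowercased name: [value, ...]} keeping every occurrence."""
    headers = defaultdict(list)
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:
            break                           # blank line ends the header block
        name, _, value = line.partition(":")  # first colon only; values may contain ':'
        headers[name.strip().lower()].append(value.strip())
    return dict(headers)


def duplicate_headers(headers):
    """Names sent more than once. For HSTS a browser uses only the first
    copy (RFC 6797), so a second copy is a configuration smell, not a
    stronger policy."""
    return sorted(name for name, values in headers.items() if len(values) > 1)


def parse_csp(policy):
    """Split a CSP into {directive: [source, ...]}; a repeated directive
    is ignored after its first occurrence, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_script_sources(directives):
    """script-src if present, otherwise the default-src it falls back to."""
    if "script-src" in directives:
        return "script-src", directives["script-src"]
    return "default-src", directives.get("default-src", [])


def dangerous_script_keywords(policy):
    """Return (governing directive, [dangerous keywords that apply])."""
    name, sources = effective_script_sources(parse_csp(policy))
    lowered = [s.lower() for s in sources]
    # With a nonce or hash source present, browsers ignore 'unsafe-inline'.
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered)
    found = []
    for keyword in DANGEROUS_SCRIPT_KEYWORDS:
        if keyword in lowered:
            if keyword == "'unsafe-inline'" and has_nonce_or_hash:
                continue
            found.append(keyword)
    return name, found


def audit(raw):
    """Run both checks and return findings as strings."""
    headers = parse_headers(raw)
    findings = []
    for name in duplicate_headers(headers):
        findings.append(f"duplicate header: {name} ({len(headers[name])} copies)")
    for policy in headers.get("content-security-policy", []):
        directive, keywords = dangerous_script_keywords(policy)
        if keywords:
            findings.append(
                f"csp: {' '.join(keywords)} in {directive} govern script execution")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Run it against a live response by feeding the text of `curl -sI` (with CRLF line endings preserved) to `audit`; the CSP check is the part most scanners get wrong, because a policy that adds a `script-src` with nonces is safe even when `default-src` still carries `'unsafe-inline'` for styles.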
Raw Headers
HTTP/2 200
server: nginx
date: Wed, 01 May 2024 15:35:39 GMT
content-type: text/html; charset=UTF-8
content-length: 20168
cache-control: max-age=300, public
x-drupal-dynamic-cache: MISS
link: <https://www.domen.rs/>; rel="canonical", <https://www.domen.rs/>; rel="shortlink"
x-ua-compatible: IE=edge
content-language: sr
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 27 Apr 2024 19:01:22 GMT
etag: W/"1714244482"
x-generator: Drupal 8 (https://www.drupal.org)
cache-tags: block_content:11 block_content:12 block_content:13 block_content:4 block_content:5 block_content:6 block_content_view block_view config:block.block.addtoanybuttons config:block.block.addtoanybuttons_2 config:block.block.advancedsearchlink config:block.block.allauthors config:block.block.authorssubtitle config:block.block.contactpagecontent config:block.block.cookiesenabledisableblock config:block.block.copyright config:block.block.domainsearchlink config:block.block.domen_rs_branding config:block.block.domen_rs_breadcrumbs config:block.block.domen_rs_content config:block.block.domen_rs_footer config:block.block.domen_rs_help config:block.block.domen_rs_local_actions config:block.block.domen_rs_local_tasks config:block.block.domen_rs_main_menu config:block.block.domen_rs_messages config:block.block.domen_rs_page_title config:block.block.domen_rs_qa config:block.block.domen_rs_video_articles_list config:block.block.domen_rs_videos_latest_two config:block.block.exposedformauthor_s_contentauthors_articles_all config:block.block.exposedformsearchviews_block_filter_block_plugin_display_block_1 config:block.block.footericons config:block.block.footerlogo config:block.block.home_page_categories config:block.block.languageswitcher config:block.block.mailchimpsubscriptionformlet039skeepintouch config:block.block.odaberiovlashceniregistarrnidsa config:block.block.relatedarticles config:block.block.searchbutton config:block.block.views_block__accredited_registers_registers_block config:block.block.views_block__articles_front_featured_1 config:block.block.views_block__articles_home_case_study config:block.block.views_block__articles_home_case_study_2 config:block.block.views_block__articles_interviews config:block.block.views_block__articles_interviews_1 config:block.block.views_block__articles_most_read config:block.block.views_block__articles_related_content config:block.block.views_block__articles_webinars config:block.block.views_block__articles_webinars_1 config:block.block.views_block__author_s_content_authors_articles_all config:block.block.views_block__author_s_content_authors_articles_lm config:block.block.views_block__authors_block_sidebar config:block.block.views_block__homepage_videos_block_1 config:block.block.views_block__http404_block_1 config:block.block.views_block__taxonomy_term_block config:block.block.views_block__taxonomy_term_block_all config:block.block.whoisblock config:block.block.whoisblock_2 config:block.block.whoisblock_3 config:block_list config:color.theme.domen_rs config:configurable_language_list config:cookie_category_list config:entityqueue.entity_queue.most_read config:entityqueue.entity_queue.writers config:eu_cookie_compliance.settings config:field.storage.node.body config:field.storage.node.field_created_date config:field.storage.node.field_image config:field.storage.node.field_picture config:field.storage.node.field_tags config:field.storage.node.field_video config:filter.format.basic_html config:filter.format.full_html config:google_analytics.settings config:honeypot.settings config:image.style.article_banner config:image.style.article_taxonomy_term_small_ config:image.style.authors_block_list config:image.style.frontpage_featured_small_ config:system.menu.footer config:system.menu.footer-icons config:system.menu.main config:system.site config:user.role.anonymous config:views.view.articles config:views.view.authors config:views.view.homepage config:views.view.homepage_videos entity_field_info entity_subqueue:most_read entity_subqueue:writers entity_subqueue_list file:1285 file:1304 file:1332 file:1340 file:1350 file:1351 file:1363 file:1371 file:1372 file:1380 file:1388 file:1391 file:1392 file:1394 file:1400 file:1404 file:1408 file:1409 file:277 file:278 file:279 file:281 file:565 file:590 file:592 file:912 file:920 http_response local_task node:120 node:388 node:389 node:390 node:392 node:397 node:402 node:470 node:471 node:517 node:518 node:519 node:523 node:524 node:535 node:556 node:564 node:632 node:665 node:673 node:681 node:686 node:689 node:690 node:694 node:696 node:697 node:701 node:707 node:708 node:709 node:710 node:711 node:713 node:714 node:715 node:91 node:92 node:93 node:94 node_list node_view rendered taxonomy_term:12 taxonomy_term:230 taxonomy_term:237 taxonomy_term_list user:0 user:201 user:94 views_data
x-drupal-cache: HIT
permissions-policy: fullscreen=(self), geolocation=*, camera=(), microphone=(), gyroscope=()
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.rs *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com/recaptcha/ maps.googleapis.com *.facebook.com *.facebook.net licensebuttons.net *.doubleclick.net *.youtube.com cdn.maksnet.tv *.adobe.com licensebuttons.net *.rnids.rs xn--d1aholi.xn--90a3ac forms.office.com *.tipometar.org *.googletagmanager.com *.jsdelivr.net static.doubleclick.net googleads.g.doubleclick.net *.chimpstatic.com chimpstatic.com static.addtoany.com *.doubleclick.net; report-uri /report-csp-violation
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-grace: 6h
x-ttl: 300.000
vary: Cookie, Accept-Encoding
x-varnish: 21071600 11731339
age: 188
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000;
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
server: This Server header seems to advertise the software being run on the server but you can remove or change this value. The x-generator header in the same response (Drupal 8) discloses the application stack in the same way and can be removed too.
x-content-type-options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
x-frame-options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. The Content-Security-Policy above sets no frame-ancestors directive, so this header is the only framing control in effect.
permissions-policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. Note that the value sent here sets geolocation=*, which lets any embedded origin request the user's location; geolocation=(self) would limit it to this site.
referrer-policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
content-security-policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. This policy already carries a report-uri pointing at /report-csp-violation, so violation reports are being collected by the site itself and can be used to validate a tightened policy.
strict-transport-security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. (Sent twice in this response; see Warnings.)