Security Report Summary
C
Site: | https://www.dreambox.com:443/ | ||
---|---|---|---|
IP Address: | 52.13.125.156 | ||
Report Time: | 19 May 2024 05:26:57 UTC | ||
Headers: |
|
||
Advanced: |
|
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
HTTP/2 | 200 |
---|---|
date | Sun, 19 May 2024 05:26:57 GMT |
content-type | text/html; charset=utf-8 |
cache-control | s-maxage=31536000, stale-while-revalidate |
content-encoding | gzip |
content-security-policy-report-only | default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/p/action/25080479.js https://cmp.osano.com/6orGTTANycUp8SXp/b6faaa7e-e779-4437-bfd7-b1690b5f61c1/osano.js https://cmp.osano.com/6orGTTANycUp8SXp/487f6b25-d82c-4778-af85-14932b8ea351/osano.js https://connect.facebook.net/signals/config/119620336139212 https://fast.wistia.com/assets/external/facebookPixel.js https://info.discoveryeducation.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/715270855/ https://munchkin.marketo.net/162/munchkin.js https://okt.to/ping https://tagmanager.google.com https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://info.discoveryeducation.com https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://063-SDC-839.mktoresp.com https://app.clearbit.com https://distillery.wistia.com https://e.clarity.ms https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com data: https://use.typekit.net; frame-src 'self' https://info.discoveryeducation.com https://js.driftt.com https://www.facebook.com; img-src 'self' https://analytics.twitter.com https://dbl-live-website.imgix.net https://embed-ssl.wistia.com https://fast.wistia.com https://info.discoveryeducation.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.sv https://ssl.gstatic.com https://www.gstatic.com data:; manifest-src 'self'; media-src 'self'; report-uri https://e6390b213471fc12db8189a84997cf1e.report-uri.com/r/d/csp/wizard; worker-src blob:; report-to default; |
cross-origin-opener-policy | same-origin-allow-popups |
etag | "4620f-SbLclsx0F1ou1kHP7R0P7o0PoM8" |
referrer | strict-origin-when-cross-origin |
report-to | {'group':'wizard','max_age':10886400,'endpoints':[{'url':'https://e6390b213471fc12db8189a84997cf1e.report-uri.com/a/d/g/wizard'}],'include_subdomains':true}, {'group':'default','max_age': 31536000,'endpoints':[{'url':'https://e6390b213471fc12db8189a84997cf1e.report-uri.com/a/d/g'}],'include_subdomains':true} |
server | envoy |
strict-transport-security | max-age=63072000 |
vary | Accept-Encoding |
x-content-type-options | nosniff |
x-envoy-upstream-service-time | 12 |
x-frame-options | SAMEORIGIN |
x-nextjs-cache | HIT |
x-powered-by | Next.js |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
content-security-policy-report-only | Content Security Policy Report Only is used to test a Content Security Policy before making it live. The browser will report on actions that would have been taken based on the policy. Analyse this policy in more detail. |
---|---|
cross-origin-opener-policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
report-to | Report-To enables the Reporting API. This allows a website to collect reports from the browser about various errors that may occur. |
server | Server value has been changed. Typically you will see values like "Microsoft-IIS/8.0" or "nginx 1.7.2". |
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
x-powered-by | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header seems to have been altered to remove such information, but could still be removed. |