Security Report Summary
D
| Site: | https://www.groupon.de/ | ||
|---|---|---|---|
| IP Address: | 2.19.176.187 | ||
| Report Time: | 01 Sep 2025 02:27:30 UTC | ||
| Headers: |
|
||
| Advanced: |
|
Missing Headers
| Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
|---|---|
| X-Content-Type-Options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
| Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
| Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Raw Headers
| HTTP/2 | 200 |
|---|---|
| content-type | text/html; charset=utf-8 |
| set-cookie | division=berlin; Max-Age=157680000; Expires=Sat, 31 Aug 2030 02:27:30 GMT; Path=/; Domain=.groupon.de |
| set-cookie | user_locale=de_DE; Max-Age=34186464; Expires=Thu, 1 Oct 2026 18:41:54 GMT; Path=/; Domain=.groupon.de; Secure |
| set-cookie | b=b5b5be78-af73-43e7-b5be-78af7393e7cc; Max-Age=315360000; Expires=Thu, 30 Aug 2035 02:27:30 GMT; Path=/; Domain=.groupon.de |
| set-cookie | s=d0e8f7a5-8a06-4068-a8f7-a58a06a06861; Max-Age=1800; Expires=Mon, 1 Sep 2025 02:57:30 GMT; Path=/; Domain=.groupon.de |
| set-cookie | sigFraudCheck=f94d843b-6163-486a-8d84-3b6163686af5; Max-Age=86400; Expires=Tue, 2 Sep 2025 02:27:30 GMT; Path=/; Domain=.groupon.de |
| set-cookie | _csrf=98OteOAZ_1kDY04a1gy6TsSF; Path=/; Secure; HTTPOnly |
| set-cookie | pageId=d0e8f7a5-8a06-4068-a8f7-a58a06a06861-1756693649719-TH0; Max-Age=34186464; Expires=Thu, 1 Oct 2026 18:41:54 GMT; Path=/; Domain=.groupon.de; Secure |
| x-external-request-id | true |
| x-request-id | c87b70a8-aa48-4069-85a9-4a791ba7f917,c87b70a8-aa48-4069-85a9-4a791ba7f917 |
| x-b-cookie | b5b5be78-af73-43e7-b5be-78af7393e7cc |
| x-s-cookie | d0e8f7a5-8a06-4068-a8f7-a58a06a06861 |
| x-signifyd-cookie | f94d843b-6163-486a-8d84-3b6163686af5 |
| x-ua-compatible | IE=edge,chrome=1 |
| x-frame-options | DENY |
| x-destination | tls_conveyor_pull_itier |
| x-b3-traceid | c87b70a8aa48406985a94a791ba7f917 |
| x-powered-by | Express |
| x-application | Pull-Itier |
| cache-control | private, max-age=0, no-cache, no-store, must-revalidate |
| x-page-id | d0e8f7a5-8a06-4068-a8f7-a58a06a06861-1756693649719-TH0 |
| link | <https://www2.grouponcdn.com/browse/assets/home_desktop-ada01c02e0.css>; rel=preload; as=style, <https://www2.grouponcdn.com/browse/assets/home_desktop-c54f8f05bb.js>; rel=preload; as=script |
| x-envoy-upstream-service-time | 471 |
| x-request-originated-from | envoy-tls-side-car--ingress-https |
| x-response-served-from | pull--eu-west-1--default--conveyor-production49 |
| x-original-request-id | c87b70a8-aa48-4069-85a9-4a791ba7f917 |
| x-forwarded-proto | https |
| server-timing | rReq;dur=470, rCon;dur=0, rHdr;dur=471 |
| x-response-served-from | routing-service--public--eu-west-1--conveyor-production49 |
| x-original-request-id | c87b70a8-aa48-4069-85a9-4a791ba7f917 |
| x-forwarded-proto | https |
| x-akamai-transformed | 0 - 0 - |
| content-encoding | gzip |
| date | Mon, 01 Sep 2025 02:27:30 GMT |
| vary | Accept-Encoding, User-Agent |
| strict-transport-security | max-age=2628000 |
| set-cookie | _abck=994209398081A5A5A1C554D3E27E2CE7~-1~YAAQvLATAhWlAAWZAQAAL9sZAw5pi3+HlVo0S7AdxzLz/2KWcb4EQOAliYVGzE0KJnVjEFROUW15nhSMaL7ncGJ4i7N1C0Zu1n23DDy4h+hdeifHMiqvEIZusKY/hY3ePSHFg6IobdyPR/+gXnq53Le4/cSKdw+0VH1NLt+3Cth2lLmtT9Fx5tjK3CrFETJ00BGjkz5ExlmTBQroWK1UIX0tfdBpkPdNaJOgsXJ+X8JRqGbYo6/FHNgQ0OVUtTjmes+6UXQwBocgqNbL0yn7vifyXixwh7BT8tMDhJvgOoaqm4y9vzk2FlABMphASwGL3bn3nTq2D2y+S+TCjwhU89UWwtLev2Nc0Q+i4V5zA6VRPfb46tUoS4DSiqE9PtzT/w36mDNDv0XA3ke2wylukOLdy5antiSwCgfN8j5XMd2zOzxvjPV0ftlMoraO6EarfrgyI7nDFUU=~-1~-1~-1~~; Domain=.groupon.de; Path=/; Expires=Tue, 01 Sep 2026 02:27:30 GMT; Max-Age=31536000; Secure |
| set-cookie | ak_bmsc=59DD3FC2EC106CA8C6FA27ABDF6B3327~000000000000000000000000000000~YAAQvLATAhalAAWZAQAAL9sZAxz/Zx43ETJNEtZw1RuTplqLyP3gMjD7sOVyrc0jzcUzWoWXhpPk3Bf6xWkDzxKvpV+nJWCClrY5r5rSClauSmvW7wxn8mmPE/Cya00iWraDRM2J+ryAuvwpP/Z6qRLH34dGuPFwj8/7HV813cL/9sbbvENISwQOL1iGIAL4NwsENY2LNS9r25Otb3toGjxiPolWDpXVuW5Pku46v8QwK/9IJq5Edd5ww0lCujLVD6ppJyZpqniKkNLtDD/kbJpmVsDJeAI88yolFUifUgjggCbZ4dPHDHbIHNw1m8jWm4TGXFjqZJzj9+00lOKLmFAEeOm2HjIHHBlPFi5dnwFKIg4QzVULWe1yltp1Fpgj5IJgC2NCb9qq1c5l0g==; Domain=.groupon.de; Path=/; Expires=Mon, 01 Sep 2025 04:27:29 GMT; Max-Age=7199 |
| set-cookie | bm_sz=799AC8F35B31A0D0B1CD118C1823F6A8~YAAQvLATAhelAAWZAQAAL9sZAxwx2awpYuX09c6CDqHqXdss4P7ymjTpMSosCjsiZZaz0ZR3AAju7wpSjlj0evYypbGDXBvBL6u4JqJpP25kGycpkUI7HaVUpcj7VqRyirmw9aekWfwknCciS7dbs95Lt80IkTe6qNTNvz5iKqu5iwWKVGBaRpMZSs732xNQYuR8IRhf6uuCqyY6zdz78Zt1pbPlcFm3rbGG1Y3OYx22jwGBJ5XKQZB4bFgtLIPXCrWe2e4lBGgzDa/OBMpNc6QKDJ6wyVvy84+uC7m/fCFqksqcNwq7/aeO+rteRWVNb7hvSt+6qWFkJHc71dm7Av0hi+iC5Z89ZyXhlZmEBRFJZrVnl5ZCP5698QfEeP//sAcajLq0O+/ruiAnacH3~3355185~4407601; Domain=.groupon.de; Path=/; Expires=Mon, 01 Sep 2025 06:27:29 GMT; Max-Age=14399 |
Upcoming Headers
| Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
|---|---|
| Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
| Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
| set-cookie | There is no Cookie Prefix on this cookie. This is not a SameSite Cookie. |
|---|---|
| x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
| x-powered-by | X-Powered-By can usually be seen with values like "PHP/5.5.9-1ubuntu4.5" or "ASP.NET". Trying to minimise the amount of information you give out about your server is a good idea. This header should be removed or the value changed. |
| strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |